Lucene search
K

3461 matches found

OSV
OSV
added 2024/05/02 5:15 p.m.5 views

CVE-2024-2346

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.3 via folder deletion due to missing validation on a user controlled key. This makes it possible for authenticated...

5.4CVSS5.8AI score
Exploits0References2
Cvelist
Cvelist
added 2024/05/02 4:52 p.m.35 views

CVE-2024-2346 FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Insecure Direct Object Reference

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.3 via folder deletion due to missing validation on a user controlled key. This makes it possible for authenticated...

5.4CVSS5.5AI score0.00308EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/02 4:52 p.m.22 views

CVE-2024-2346 FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Insecure Direct Object Reference

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.3 via folder deletion due to missing validation on a user controlled key. This makes it possible for authenticated...

5.4CVSS5.8AI score0.00308EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/05/02 12:0 a.m.26 views

ProfileGrid – User Profiles, Memberships, Groups and Communities < 5.8.0 - Insecure Direct Object Reference

Description The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.9 due to missing validation on a user controlled key. This makes it possible for authenticated attacker...

8.8CVSS6.7AI score0.00448EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.6 views

PT-2024-19882 · WordPress · Filebird

Name of the Vulnerable Software and Affected Versions: The FileBird – WordPress Media Library Folders & File Manager plugin versions up to, and including, 5.6.3 Description: The issue allows authenticated attackers with author access or higher to delete folders created by other users, making thei...

5.4CVSS6.7AI score0.00308EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.23 views

Crelly Slider <= 1.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference

Description The Crelly Slider plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.5 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to perfo...

4.3CVSS6.7AI score0.00411EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/04/30 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-33939

The Masteriyo LMS Plugin for WordPress is vulnerable to an insecure direct object reference that could allow unauthenticated adversaries to view other users course progress. Versions up to and including 1.7.3 are vulnerable via the REST API...

5.3CVSS5.7AI score0.00843EPSS
Exploits0References1
OSV
OSV
added 2024/04/29 6:15 p.m.2 views

CVE-2024-28320

Insecure Direct Object References IDOR vulnerability in Hospital Management System 1.0 allows attackers to manipulate user parameters for unauthorized access and modifications via crafted POST request to /patient/edit-user.php...

7.6CVSS5.8AI score0.00528EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.29 views

Rate My Post – Star Rating Plugin by FeedbackWP < 3.4.5 - Insecure Direct Object Reference

Description The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.4 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to rate priva...

5.3CVSS7AI score0.00404EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.19 views

ProfileGrid – User Profiles, Memberships, Groups and Communities < 5.8.0 - Insecure Direct Object Reference

Description The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.9 due to missing validation on a user controlled key in the pgshowmsgpanel function. This makes it...

8.8CVSS6.7AI score0.00448EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/04/24 10:18 a.m.21 views

CVE-2024-32808 WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object Reference (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9...

5.4CVSS5.8AI score0.00448EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/24 10:18 a.m.12 views

CVE-2024-32808 WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object Reference (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9...

5.4CVSS6.9AI score0.00448EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.14 views

WP-Recall – Registration, Profile, Commerce & More < 16.26.6 - Insecure Direct Object Reference

Description The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 16.26.5 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS6.7AI score0.00357EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/22 2:46 p.m.5 views

WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object Reference (IDOR) vulnerability

Insecure Direct Object Reference IDOR vulnerability discovered by Kyle Sanchez Patchstack Alliance in WordPress Plugin ProfileGrid versions = 5.7.9...

8.8CVSS7AI score0.00448EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/22 6:47 a.m.7 views

WordPress Tickera plugin < 3.5.2.5 - Ticket leakage through IDOR vulnerability

Ticket leakage through IDOR vulnerability discovered by Martin Thirup Christensen in WordPress Plugin Tickera versions 3.5.2.5...

5.3CVSS7AI score0.00515EPSS
Exploits2References1Affected Software1
0day.today
0day.today
added 2024/04/22 12:0 a.m.263 views

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object Reference Vulnerability

Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability. Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber....

7.5AI score
Exploits0
NVD
NVD
added 2024/04/19 2:15 p.m.20 views

CVE-2024-32166

Webid v1.2.1 suffers from an Insecure Direct Object Reference IDOR - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended horizontal privilege escalation...

8.8CVSS6.6AI score0.00738EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/04/19 12:0 a.m.3 views

WeBid 安全漏洞

WeBid is an open source auction website building solution. A security vulnerability exists in WeBid v1.2.1, which stems from the presence of an insecure direct object reference and access control corruption vulnerability...

8.8CVSS6.9AI score0.00738EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/19 12:0 a.m.24 views

CVE-2024-32166

Webid v1.2.1 suffers from an Insecure Direct Object Reference IDOR - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended horizontal privilege escalation...

6.8AI score0.00738EPSS
Exploits1References1
CVE
CVE
added 2024/04/19 12:0 a.m.50 views

CVE-2024-32166

The CVE-2024-32166 issue affects Webid v1.2.1 and is an Insecure Direct Object Reference (IDOR) leading to Broken Access Control. This allows horizontal privilege escalation—attackers can prematurely complete a purchase on a suspended auction. Root cause and exact vulnerable component are describ...

8.8CVSS6.9AI score0.00738EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder