Lucene search
K

3461 matches found

NVD
NVD
added 2024/01/11 7:15 a.m.18 views

CVE-2023-6223

The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers,...

4.3CVSS4.3AI score0.00347EPSS
Exploits0References2
NVD
NVD
added 2024/01/11 7:15 a.m.30 views

CVE-2023-6506

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the sendbackupcodesemail due to missing validation on a user controlled key. This makes it possible for subscriber-level...

4.3CVSS4.6AI score0.0047EPSS
Exploits0References3
OSV
OSV
added 2024/01/11 7:15 a.m.2 views

CVE-2023-6506

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the sendbackupcodesemail due to missing validation on a user controlled key. This makes it possible for subscriber-level...

4.3CVSS5.9AI score0.0047EPSS
Exploits0References3
OSV
OSV
added 2024/01/11 7:15 a.m.5 views

CVE-2023-6223

The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers,...

4.3CVSS7.3AI score0.00347EPSS
Exploits0References2
Prion
Prion
added 2024/01/11 7:15 a.m.22 views

Input validation

The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers,...

4CVSS6.8AI score0.00347EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2024/01/11 7:15 a.m.17 views

Design/Logic Flaw

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the sendbackupcodesemail due to missing validation on a user controlled key. This makes it possible for subscriber-level...

4CVSS7.1AI score0.0047EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/01/11 6:49 a.m.28 views

CVE-2023-6506 WP 2FA <= 2.5.0 - Insecure Direct Object Reference to Arbitrary Email Sending

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the sendbackupcodesemail due to missing validation on a user controlled key. This makes it possible for subscriber-level...

4.3CVSS5AI score0.0047EPSS
Exploits0References3
CVE
CVE
added 2024/01/11 6:49 a.m.87 views

CVE-2023-6506

The CVE-2023-6506 entry concerns the WP 2FA – Two-factor authentication for WordPress plugin. Affected: WP 2FA, versions up to and including 2.5.0. Issue: insecure direct object reference (IDOR) via send_backup_codes_email caused by missing validation on a user-controlled key, enabling subscriber...

4.3CVSS5AI score0.0047EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/11 6:49 a.m.4 views

CVE-2023-6506 WP 2FA <= 2.5.0 - Insecure Direct Object Reference to Arbitrary Email Sending

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the sendbackupcodesemail due to missing validation on a user controlled key. This makes it possible for subscriber-level...

4.3CVSS6.8AI score0.0047EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/01/11 6:49 a.m.24 views

CVE-2023-6223 LearnPress <= 4.2.5.7 - Insecure Direct Object Reference to Information Disclosure

The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers,...

4.3CVSS5.7AI score0.00347EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/01/11 6:49 a.m.8 views

CVE-2023-6223 LearnPress <= 4.2.5.7 - Insecure Direct Object Reference to Information Disclosure

The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers,...

4.3CVSS6.6AI score0.00347EPSS
Exploits0References2
CVE
CVE
added 2024/01/11 6:49 a.m.125 views

CVE-2023-6223

CVE-2023-6223 affects the LearnPress – WordPress LMS Plugin. The issue is an insecure direct object reference (IDOR) in all versions up to and including 4.2.5.7, exposed via the /wp-json/lp/v1/profile/course-tab REST API. Missing validation on the userID parameter lets authenticated users with su...

4.3CVSS5.3AI score0.00347EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/01/11 5:15 a.m.20 views

CVE-2023-6630

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS4.4AI score0.00349EPSS
Exploits0References2
OSV
OSV
added 2024/01/11 5:15 a.m.2 views

CVE-2023-6630

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS5.9AI score
Exploits0References2
Prion
Prion
added 2024/01/11 5:15 a.m.21 views

Input validation

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for...

4CVSS6.8AI score0.00349EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/01/11 4:30 a.m.33 views

CVE-2023-6630 Contact Form 7 – Dynamic Text Extension <= 4.1.0 - Insecure Direct Object Reference

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS4.8AI score0.00349EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/01/11 4:30 a.m.5 views

CVE-2023-6630 Contact Form 7 – Dynamic Text Extension <= 4.1.0 - Insecure Direct Object Reference

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS6.8AI score0.00349EPSS
Exploits0References2
CVE
CVE
added 2024/01/11 4:30 a.m.50 views

CVE-2023-6630

CVE-2023-6630 : The WordPress plugin “Contact Form 7 – Dynamic Text Extension” ( 4.1.0); PatchStack lists 4.2.0 as the fix. Other sources corroborate the vulnerability and describe it as a broken access control issue with low overall CVSS (4.3). Actionable takeaway: apply the patch to affected in...

4.3CVSS4.8AI score0.00349EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/01/03 3:15 a.m.25 views

CVE-2023-50342

HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference IDOR vulnerability. A user can obtain certain details about another user as a result of improper access control...

7.1CVSS6.9AI score0.00291EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/01/03 2:39 a.m.28 views

CVE-2023-50342 Insecure Direct Object Reference (IDOR) affects DRYiCE MyXalytics

HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference IDOR vulnerability. A user can obtain certain details about another user as a result of improper access control...

7.1CVSS7.1AI score0.00291EPSS
Exploits0References1
Rows per page
Query Builder