4442 matches found
EUVD-2026-11074
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...
EUVD-2026-10912
Sylius affected by IDOR in Cart and Checkout LiveComponents...
EUVD-2026-10913
Sylius affected by IDOR in Cart and Checkout LiveComponents...
PT-2026-24599
The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the ha condition update AJAX action. This is due to the validate reqeust method using current user can'edit posts', $template id instead of curren...
PT-2026-24655
🚨 CVE-2026-1992 The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the store settings method in the ExactMetrics Onboarding class accepting a user-supplied triggered by parameter that...
PT-2026-24568
Name of the Vulnerable Software and Affected Versions ProfilePress versions prior to 4.16.11 Description The ProfilePress plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is a result of a lack of ownership validation on the change plan sub id parameter within...
WordPress Happy Addons for Elementor plugin <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ Post Duplication via 'postid' Parameter vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Happy Addons for Elementor versions = 3.21.0...
WordPress Happy Addons for Elementor plugin <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ Stored Cross-Site Scripting via Template Conditions vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Happy Addons for Elementor versions = 3.21.0...
CVE-2026-31820 Sylius affected by IDOR in Cart and Checkout LiveComponents
Sylius is an Open Source eCommerce Framework on Symfony. An authenticated Insecure Direct Object Reference IDOR vulnerability exists in multiple shop LiveComponents due to unvalidated resource IDs accepted via LiveArg parameters. Unlike props, which are protected by LiveComponent's @checksum, arg...
CVE-2026-31820 Sylius affected by IDOR in Cart and Checkout LiveComponents
Sylius is an Open Source eCommerce Framework on Symfony. An authenticated Insecure Direct Object Reference IDOR vulnerability exists in multiple shop LiveComponents due to unvalidated resource IDs accepted via LiveArg parameters. Unlike props, which are protected by LiveComponent's @checksum, arg...
CVE-2026-30954 LinkAce has a Cross-User Tag/List Attachment IDOR in processTaxonomy()
LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs...
Craft Commerce: Potential IDOR in Commerce carts
An Insecure Direct Object Reference IDOR vulnerability exists in Craft Commerce’s cart functionality that allows users to hijack any shopping cart by knowing or guessing its 32-character number. This vulnerability enables the takeover of shopping sessions and potential exposure of PII...
Sylius 安全漏洞
Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. There is a security vulnerability in Sylius, which stems from unvalidated resource IDs in multiple stores using LiveComponents. This vulnerability may lead to insecure direct objec...
📄 Vvveb CMS 1.0.5 Insecure Direct Object Reference
A one liner of details for how to leverage the insecure direct object reference vulnerability in Vvveb CMS version 1.0.5. The research later discovered this also affects version 1.0.7.3...
PT-2026-24637
An Insecure Direct Object Reference IDOR vulnerability exists in Craft Commerce’s cart functionality that allows users to hijack any shopping cart by knowing or guessing its 32-character number. This vulnerability enables the takeover of shopping sessions and potential exposure of PII...
PT-2026-24653
An Insecure Direct Object Reference IDOR vulnerability exists in Craft Commerce’s cart functionality that allows users to hijack any shopping cart by knowing or guessing its 32-character number. This vulnerability enables the takeover of shopping sessions and potential exposure of PII...
CVE-2026-30885 WWBN AVideo - Unauthenticated IDOR - Playlist Information Disclosure
WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or authorization. An unauthenticated attacker can enumerate user IDs and retrieve playlist information including playli...
CVE-2026-25045
Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR Insecure Direct Object Reference due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who...
CVE-2026-25045
Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR Insecure Direct Object Reference due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who...
CVE-2026-25045
Budibase (backend API /api/global/users) is affected by a missing server-side RBAC check allowing Creator-level users to elevate privileges (e.g., promote Tenant Admin, demote Admin, modify Owner) and perform IDOR actions, leading to full tenant compromise. Root cause: RBAC checks not enforced se...