Lucene search
K

458 matches found

Patchstack
Patchstack
added 2026/01/29 6:44 a.m.7 views

WordPress Shiprocket plugin <= 2.0.8 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by NumeX in WordPress Plugin Shiprocket versions = 2.0.8...

5.9AI score0.00304EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/24 1:27 p.m.12 views

WordPress WP Job Portal plugin <= 2.4.3 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Nabil Irawan in WordPress Plugin WP Job Portal versions = 2.4.3...

9.1CVSS5.9AI score0.00234EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/01/23 2:29 p.m.31 views

CVE-2026-24634 WordPress Ultimate Reviews plugin <= 3.2.16 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Ultimate Reviews ultimate-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Reviews: from n/a through = 3.2.16...

5.3CVSS0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/22 4:52 p.m.20 views

CVE-2026-22396 WordPress Fiorello theme <= 1.0 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fiorello fiorello allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fiorello: from n/a through = 1.0...

5.4CVSS0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.7 views

CVE-2023-4213

The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...

8.8CVSS5.9AI score0.00615EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/08 4:33 p.m.25 views

CVE-2026-22489 WordPress Image Slider Slideshow plugin <= 1.8 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Wptexture Image Slider Slideshow image-slider-slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider Slideshow: from n/a through = 1.8...

4.3CVSS0.0017EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/06 10:15 p.m.9 views

WordPress LearnPress - WordPress LMS Plugin plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion vulnerability

WordPress LearnPress - WordPress LMS Plugin plugin = 4.3.2.2 - Insecure Direct Object Reference to Authenticated Instructor+ Teacher Material Deletion vulnerability discovered by Deniz Mert dennywise in WordPress Plugin LearnPress versions = 4.3.2.1...

5.4CVSS6.8AI score0.00295EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/31 3:25 p.m.3 views

CVE-2025-49334 WordPress MyD Delivery plugin <= 1.3.7 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Eduardo Villão MyD Delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyD Delivery: from n/a through 1.3.7...

5.3CVSS6.6AI score0.00203EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.6 views

PT-2025-53350

Name of the Vulnerable Software and Affected Versions SOCA Access Control System version 180612 Description The SOCA Access Control System has multiple insecure direct object reference issues. These allow attackers to access sensitive user credentials, including retrieving authenticated and...

7.5CVSS6.8AI score0.00308EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/18 4:18 p.m.26 views

CVE-2025-64282 WordPress Radius Blocks plugin <= 2.2.1 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in RadiusTheme Radius Blocks radius-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Radius Blocks: from n/a through = 2.2.1...

4.3CVSS0.00179EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/16 8:12 a.m.29 views

CVE-2025-67985 WordPress Document Library Lite plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Document Library Lite: from n/a through = 1.1.7...

5.3CVSS0.00252EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/13 1:23 p.m.9 views

CVE-2025-41069 Insecure Direct Object References (IDOR) in DeporSite of T-Innova DeporSite

Insecure Direct Object Reference IDOR vulnerability in DeporSite of T-INNOVA. This vulnerability allows an attacker to access or modify unauthorized resources by manipulating requests using the 'idUsuario' parameter in...

5.3CVSS0.0022EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/11/12 11:24 p.m.7 views

WordPress Page Builder: Pagelayer – Drag and Drop website builder plugin <= 2.0.5 - Authenticated (Author+) Insecure Direct Object Reference vulnerability

Authenticated Author+ Insecure Direct Object Reference vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin PageLayer versions = 2.0.5...

4.3CVSS6.7AI score0.00213EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/05 11:5 a.m.7 views

CVE-2025-11690

An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...

8.5CVSS6.5AI score0.00154EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/22 2:32 p.m.3 views

CVE-2025-49952 WordPress Houzez theme <= 4.2.5 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houzez: from n/a through = 4.2.5...

6.5CVSS5.1AI score0.00408EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/13 12:0 a.m.7 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

5.3CVSS6.5AI score0.00243EPSS
Exploits0References2
OSV
OSV
added 2025/10/12 3:15 a.m.5 views

CVE-2025-31997

HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References IDOR. An attacker can bypass authorization and access resources in the system directly, for example database records or files...

7.5CVSS5.8AI score0.00204EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.12 views

EUVD-2021-23450

Malware in sbrugna...

8.8CVSS8.6AI score0.01064EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-23482

Malware in sbrugna...

8.8CVSS8.5AI score0.00525EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-6331

Malware in sbrugna...

4.3CVSS4.7AI score0.01215EPSS
Exploits0References2
Rows per page
Query Builder