2754 matches found
GHSA-42CR-W2GR-M54Q wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data
Summary Five routine detail action endpoints check a cache before calling self.getobject. Cache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API, an attacker can retrieve the cached response for the same PK without any ownership...
CVE-2026-2356
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'registermember' function, due to missing validation on the 'memberid' user...
CVE-2026-2356 User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'registermember' function, due to missing validation on the 'memberid' user...
PT-2026-22156
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2025.12.2 Discourse versions prior to 2026.1.1 Discourse versions prior to 2026.2.0 Description Discourse is an open source discussion platform. An IDOR vulnerability exists in the directory items endpoint, allowing...
WordPress User Registration & Membership plugin <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion vulnerability
Insecure Direct Object Reference to Unauthenticated Limited User Deletion vulnerability discovered by hoshino in WordPress Plugin User Registration versions = 5.1.2...
CVE-2026-27705 Plane Vulnerable to Cross-Workspace/Cross-Project Asset Modification via IDOR in ProjectAssetEndpoint.patch
Plane is an an open-source project management tool. Prior to version 1.2.2, the ProjectAssetEndpoint.patch method in apps/api/plane/app/views/asset/v2.py lines 579–593 performs a global asset lookup using only the asset ID pk via FileAsset.objects.getid=pk, without verifying that the asset belong...
CVE-2025-40541
An Insecure Direct Object Reference IDOR vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because...
EUVD-2025-207543
An Insecure Direct Object Reference IDOR vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because...
CVE-2026-2997
Tronclass developed by WisdomGarden has a Insecure Direct Object Reference vulnerability. After obtaining a course ID, authenticated remote attackers to modify a specific parameter to obtain a course invitation code, thereby joining any course...
CVE-2026-2997 WisdomGarden|Tronclass - Insecure Direct Object Reference
Tronclass developed by WisdomGarden has a Insecure Direct Object Reference vulnerability. After obtaining a course ID, authenticated remote attackers to modify a specific parameter to obtain a course invitation code, thereby joining any course...
CVE-2025-69394
CVE-2025-69394 affects the WordPress plugin cnvrse (Cnvrse) for versions up to 0.26.02.10.20. It is an unauthenticated IDOR vulnerability (insecure direct object reference) that can enable unauthorized access to objects via a user-controlled key, as described in Red Hat and Patchstack entries and...
Insecure Direct Object Reference (IDOR)
pretix is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to insufficient authorization checks on file UUIDs, which allows an attacker to access sensitive files of other users by manipulating or guessing valid UUID values...
CVE-2026-25005
CVE-2026-25005 affects WordPress Frontend File Manager plugin versions up to and including 23.5, with an Insecure Direct Object References (IDOR) vulnerability that enables an Authorization Bypass through a user-controlled key, due to misconfigured access controls in the nmedia-user-file-uploader...
PT-2026-20776
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 4.0 to 5.10 via the 'load track note ajax' due to missing validation on a user controlled key. This makes it possible for unauthenticated...
CVE-2026-1860
The Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.8. This is due to the getitemspermissionscheck permission callback on the /kaliforms/v1/forms/id REST API endpoint only checking for the editposts capability without...
CVE-2026-1860 Kali Forms <= 2.4.8 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Form Data Exposure
The Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.8. This is due to the getitemspermissionscheck permission callback on the /kaliforms/v1/forms/id REST API endpoint only checking for the editposts capability without...
CVE-2026-1906
The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.0 via the wpoipsedisaveordercustomerpeppolidentifiers AJAX action due to missing capability checks and order ownership validation. This...
CVE-2025-12071
The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funpajaxmodifynotes' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
CVE-2026-1987 Scheduler Widget <= 0.1.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification
The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the schedulerwidgetajaxsaveevent function lacking proper authorization checks and ownership verification when updating events. This makes it...
CVE-2025-14608
The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulksave' AJAX action. This makes it possible for...