WordPress Maya Business <= 1.2.0 - Insecure Direct Object References (IDOR) Vulnerability

Insecure Direct Object References IDOR Vulnerability discovered by ch4r0n in WordPress Plugin Maya Business versions = 1.2.0...

WordPress Houzez theme <= 4.2.5 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Houzez versions = 4.2.5...

CVE-2025-39362 WordPress Mollie Payments for WooCommerce plugin <= 8.0.2 - Insecure Direct Object References (IDOR) vulnerability

Missing Authorization vulnerability in Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce.This issue affects Mollie Payments for WooCommerce: from n/a through = 8.0.2...

WordPress Mollie Payments for WooCommerce plugin <= 8.0.2 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Mollie Payments for WooCommerce versions = 8.0.2...

CVE-2025-52920

Innoshop through 0.4.1 allows Insecure Direct Object Reference IDOR at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...

CVE-2025-50693

PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference IDOR in odms/request-details.php...

CVE-2025-50693

PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference IDOR in odms/request-details.php...

CVE-2025-50693

PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference IDOR in odms/request-details.php...

CVE-2025-50693

PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference IDOR in odms/request-details.php...

CVE-2025-50693

The CVE-2025-50693 entry applies to PHPGurukul Online DJ Booking Management System 2.0, with an Insecure Direct Object Reference (IDOR) in odms/request-details.php. The root cause is IDOR allowing access to potentially sensitive information (impact: confidentiality – None, integrity – Low, availa...

PT-2025-26752 · Unknown · Phpgurukul Online Dj Booking Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Online DJ Booking Management System version 2.0 Description: The issue is related to Insecure Direct Object Reference IDOR in the odms/request-details.php file. This could potentially allow unauthorized access to sensitive...

CVE-2025-52920

Innoshop through 0.4.1 allows Insecure Direct Object Reference IDOR at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...

CVE-2025-52920

Innoshop through 0.4.1 allows Insecure Direct Object Reference IDOR at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...

CVE-2025-52920

Innoshop through 0.4.1 allows Insecure Direct Object Reference IDOR at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...

CVE-2025-52920

Innoshop (v0.4.1 and earlier) is affected by an IDOR vulnerability in the frontend store. The issue allows disclosure of other customers’ PII and deletion of their product reviews by manipulating IDs in endpoints such as /en/account/orders/{ORDER_ID} and /en/account/reviews/{REVIEW_ID}, or by alt...

PT-2025-26591 · Innoshop · Innoshop

Name of the Vulnerable Software and Affected Versions: Innoshop versions 0.4.1 and earlier Description: The issue allows for Insecure Direct Object Reference IDOR at multiple places within the frontend shop. This can be exploited by creating a customer account, allowing an attacker to disclose th...

CVE-2025-49978

CVE-2025-49978 describes an Insecure Direct Object References (IDOR) vulnerability in the WordPress JobSearch plugin (WP Job Board) versions n/a through 2.9.0. The issue is an Authorization Bypass Through User-Controlled Key , enabling bypass of access controls for certain resources. This is supp...

CVE-2025-49995 WordPress Download Attachments plugin <= 1.3.1 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Attachments: from n/a through 1.3.1...

WordPress JobSearch plugin < 3.0.6 - Insecure Direct Object References (IDOR) Vulnerability

Insecure Direct Object References IDOR Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin JobSearch versions 3.0.6...

WordPress Download Attachments plugin <= 1.3.1 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by haudayroi - BlueRock in WordPress Plugin Download Attachments versions = 1.3.1...