
695 matches found

RedhatCVE
added 2025/05/22 4:32 a.m. · 6 views

CVE-2019-14725

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account...

4.3 CVSS · 6.8 AI score · 0.00214 EPSS
Exploits 1 · References 1

OSV
added 2025/05/01 12:15 p.m. · 4 views

CVE-2025-3874

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 due to lack of randomization of a user controlled key. This makes it possible for unauthenticated attackers to access customer shopping carts and...

6.5 CVSS · 5.8 AI score · 0.01098 EPSS
Exploits 0 · References 9

Patchstack
added 2025/03/20 2:48 a.m. · 3 views

WordPress NP Quote Request for WooCommerce plugin <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Tim Coen in WordPress Plugin NP Quote Request for WooCommerce versions <= 1.9.179...

7.5 CVSS · 8.5 AI score · 0.00148 EPSS
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2025/03/12 8:39 p.m. · 1 view

WordPress Business Directory plugin <= 6.4.14 - Insecure Direct Object Reference to Listing Arbitrary Image Addition vulnerability

Insecure Direct Object Reference to Listing Arbitrary Image Addition vulnerability discovered by Rein Daelman trein in WordPress Plugin Business Directory versions <= 6.4.14...

5.3 CVSS · 8.9 AI score · 0.00084 EPSS
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2025/03/08 3:26 a.m. · 3 views

WordPress FooGallery plugin <= 2.4.29 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates vulnerability

Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates vulnerability discovered by Stiofan in WordPress Plugin FooGallery versions <= 2.4.29...

4.3 CVSS · 7 AI score · 0.00161 EPSS
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2025/03/06 11:50 p.m. · 2 views

WordPress SupportCandy plugin <= 3.3.0 - Insecure Direct Object Reference vulnerability

Insecure Direct Object Reference vulnerability discovered by Tim Coen in WordPress Plugin SupportCandy versions <= 3.3.0...

4.3 CVSS · 7 AI score · 0.00081 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2025/02/26 12:00 a.m. · 2 views

SunGrow iSolarCloud security vulnerability

SunGrow iSolarCloud is an Android app for new energy power plant management from China's SunGrow. It is used for power plant data collection, monitoring, operation and maintenance and operation management. A security vulnerability exists in SunGrow iSolarCloud, which stems from an insecure...

9.1 CVSS · 6.7 AI score · 0.00132 EPSS
Exploits 0 · References 3

CNNVD
added 2025/02/26 12:00 a.m. · 4 views

SunGrow iSolarCloud security vulnerability

SunGrow iSolarCloud is an Android app for new energy power plant management from China's SunGrow. It is used for power plant data collection, monitoring, operation and maintenance and operation management. A security vulnerability exists in SunGrow iSolarCloud, which stems from an insecure...

9.1 CVSS · 6.7 AI score · 0.00132 EPSS
Exploits 0 · References 3

OSV
added 2025/02/20 10:15 a.m. · 2 views

CVE-2024-13855

The Prime Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.1 via the paeglobalblock shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3 CVSS · 7.3 AI score
Exploits 0 · References 2

OSV
added 2025/02/19 8:15 a.m. · 3 views

CVE-2024-13719

The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for...

5.3 CVSS · 7.3 AI score
Exploits 0 · References 2

CNNVD
added 2025/02/14 12:00 a.m. · 2 views

WordPress plugin Return Refund and Exchange For WooCommerce authorization issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. An authorization issue vulnerability exists...

5.4 CVSS · 8.3 AI score · 0.0017 EPSS
Exploits 0 · References 7

CNNVD
added 2025/02/13 12:00 a.m. · 1 view

Anapi h6web security vulnerability

Anapi h6web is a management software from Anapi. A security vulnerability exists in Anapi h6web that stems from the presence of an insecure direct object reference vulnerability that could lead to an attacker obtaining information about other users...

9.1 CVSS · 6.4 AI score · 0.00094 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/02/12 12:00 a.m. · 2 views

PT-2025-6823 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 15.7 through 17.6.5; GitLab EE versions 17.7 through 17.7.4; GitLab EE versions 17.8 through 17.8.2. Description: An insecure direct object reference vulnerability exists in GitLab EE. This issue allows an attacker to view...

7.5 CVSS · 6.8 AI score · 0.00028 EPSS
Exploits 0 · References 14

Patchstack
added 2025/02/11 10:26 p.m. · 2 views

WordPress Majestic Support plugin <= 1.0.5 - Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability

Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability discovered by Tim Coen in WordPress Plugin Majestic Support versions <= 1.0.5...

4.3 CVSS · 7 AI score · 0.00133 EPSS
Exploits 0 · References 1 · Affected Software 1

RedhatCVE
added 2025/02/05 4:21 a.m. · 10 views

CVE-2024-9263

The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save due to missing validation on a user...

9.8 CVSS · 9.5 AI score · 0.01552 EPSS
Exploits 0 · References 1

CNNVD
added 2025/02/04 12:00 a.m. · 2 views

WordPress plugin JS Help Desk security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

4.3 CVSS · 8.8 AI score · 0.00064 EPSS
Exploits 0 · References 3

OSV
added 2025/02/01 8:15 a.m. · 2 views

CVE-2024-13425

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the enforcedelete function due to missing validation on a user controlled key. This makes it...

4.3 CVSS · 7.3 AI score · 0.00079 EPSS
Exploits 0 · References 2

CNNVD
added 2025/02/01 12:00 a.m. · 3 views

WordPress plugin WP Job Portal security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

4.3 CVSS · 8.8 AI score · 0.00079 EPSS
Exploits 0 · References 2

CNNVD
added 2025/02/01 12:00 a.m. · 1 view

WordPress plugin WP Job Portal security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5.3 CVSS · 8.8 AI score · 0.00101 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/01/07 12:00 a.m. · 4 views

PT-2025-1760 · WordPress · Wp Job Portal

Name of the Vulnerable Software and Affected Versions: WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress versions up to, and including, 2.2.5. Description: The issue is related to Insecure Direct Object Reference due to missing validation on a user...

4.3 CVSS · 6.8 AI score · 0.00188 EPSS
Exploits 0 · References 7