WordPress Themes Coder plugin <= 1.3.4 - Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation vulnerability
Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Themes Coder versions <= 1.3.4...
WordPress WP Job Portal plugin <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability
Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability discovered by Apostolos Sakellariou in WordPress Plugin WP Job Portal versions <= 2.2.4...
Oqtane Framework Security Vulnerability
Oqtane Framework is an open source content management system (CMS) and application framework from Oqtane Open Source. A security vulnerability exists in Oqtane Framework version 6.0.0, which stems from an insecure direct object reference that allows a logged-in user to access other users' messages ...
PT-2025-3275 · One Identity · One Identity Identity Manager
Name of the Vulnerable Software and Affected Versions: One Identity Identity Manager versions prior to 9.3 Description: An insecure direct object reference (IDOR) issue allows privilege escalation. Only On-Premise installations are affected. The vulnerability can be exploited by a remote attacker t...
SUSE CVE-2024-46528
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks...
Online Birth Certificate System Insecure Direct Object Reference Vulnerability
Online Birth Certificate System is an online birth certificate system. The Online Birth Certificate System suffers from an insecure direct object reference vulnerability that stems from a lack of proper authorization checking of the viewid parameter in the /user/view-application-detail.php file. ...
PT-2024-17596 · WordPress · Get Post Content Shortcode
Name of the Vulnerable Software and Affected Versions: Get Post Content Shortcode plugin for WordPress versions up to, and including, 0.4 Description: The issue is related to Insecure Direct Object Reference. This is due to missing validation on a user-controlled key in the 'post-content'...
WordPress WPCasa plugin <= 1.2.13 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Manab Jyoti Dowarah (Patchstack Alliance) in WordPress Plugin WPCasa versions <= 1.2.13...
PT-2024-9175 · Absysnet · Absysnet
Name of the Vulnerable Software and Affected Versions: AbsysNet version 2.3.1 Description: An IDOR (Insecure Direct Object Reference) vulnerability has been discovered, which could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session identifi...
AbsysNET Security Vulnerability
AbsysNET is an open source library online management system from Library Technology Guides. A security vulnerability exists in AbsysNet version 2.3.1, which stems from an insecure direct object reference that allows an attacker to obtain an unauthenticated user session by brute-force attacking th...
PHPGurukul Beauty Parlour Management System Security Vulnerability
Beauty Parlour Management System is an application system. The Beauty Parlour Management System suffers from an insecure direct object reference vulnerability that could be exploited by an attacker to gain access to personally identifiable information of other customers...
Lunary Access Control Error Vulnerability
Lunary is an open source production toolkit for LLMs from Lunary. An access control error vulnerability exists in Lunary, which stems from an insecure direct object reference (IDOR) vulnerability that can be exploited by an attacker to manipulate the id parameter in a request URL to view or delete an...
CVE-2024-9263
WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin for WordPress (versions
WordPress plugin PublishPress Authors Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress PublishPress Authors plugin <= 4.7.1 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary User Email Update and Account Takeover vulnerability
Insecure Direct Object Reference to Authenticated (Author+) Arbitrary User Email Update and Account Takeover vulnerability discovered by wesley (wcraft) in WordPress Plugin PublishPress Authors versions <= 4.7.1...
PT-2024-39496 · WordPress · Publishpress Authors
Name of the Vulnerable Software and Affected Versions: PublishPress Authors plugin for WordPress versions up to, and including, 4.7.1 Description: The issue is related to Insecure Direct Object Reference, which can lead to Privilege Escalation and Account Takeover. This is due to missing validati...
PT-2024-32021 · Unknown · Kubesphere +1
Name of the Vulnerable Software and Affected Versions: KubeSphere versions 3.x through 3.4.1; KubeSphere versions 4.x through 4.1.1; KubeSphere Enterprise versions 3.x through 3.5.0; KubeSphere Enterprise versions 4.x through 4.1.3 Description: An Insecure Direct Object Reference (IDOR) vulnerability...
PT-2024-28443 · Aimeos · Aimeos/Ai-Controller-Frontend
Name of the Vulnerable Software and Affected Versions: aimeos/ai-controller-frontend versions prior to 2024.4.2; aimeos/ai-controller-frontend versions prior to 2023.10.9; aimeos/ai-controller-frontend versions prior to 2022.10.8; aimeos/ai-controller-frontend versions prior to 2021.10.8...
PT-2024-38918 · WordPress +1 · Bookings Subscription Listings Compatible +1
Name of the Vulnerable Software and Affected Versions: WCFM – Frontend Manager for WooCommerce versions up to, and including, 6.7.12 Description: The issue is related to Insecure Direct Object Reference, which affects the WCFM – Frontend Manager for WooCommerce along with the Bookings Subscriptio...
Mirapolis LMS Security Vulnerability
Mirapolis LMS is a modern distance learning management system from Mirapolis. A security vulnerability exists in Mirapolis LMS 4.6.XX that stems from an insecure direct object reference (IDOR) that allows an authenticated user to expose sensitive user data by manipulating the ID parameter and...