695 matches found

OSV
added 2024/04/09 7:15 p.m. · 2 views

CVE-2024-1289

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to...

CVSS 5.4 · AI score 5.8 · EPSS 0.00247
Exploits: 0 · References: 2

Patchstack
added 2024/04/05 12:39 a.m. · 2 views

WordPress LearnPress plugin <= 4.2.6.3 - Insecure Direct Object Reference vulnerability

Insecure Direct Object Reference vulnerability discovered by drop in WordPress Plugin LearnPress versions <= 4.2.6.3...

CVSS 6.5 · AI score 7 · EPSS 0.00247
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/03/29 12:00 a.m. · 3 views

PT-2024-22678 · Unknown · Jumpserver

Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.10.6
Description: The issue allows an authenticated user to exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files,...

CVSS 5.3 · AI score 7.1 · EPSS 0.00092
Exploits: 0 · References: 5

OSV
added 2024/03/13 4:15 p.m. · 4 views

CVE-2023-6969

The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the usermeta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level...

CVSS 4.3 · AI score 5.8
Exploits: 0 · References: 2

Positive Technologies
added 2024/03/13 12:00 a.m. · 2 views

PT-2024-12552 · Bagisto · Bagisto

Name of the Vulnerable Software and Affected Versions: Bagisto versions 1.5.0 through 1.5.1
Description: The issue allows an attacker to obtain sensitive information via the invoice ID parameter, which is an example of an Insecure Direct Object Reference (IDOR). This means that an attacker can...

CVSS 6.5 · AI score 6.7 · EPSS 0.00149
Exploits: 1 · References: 8

CNNVD
added 2024/03/13 12:00 a.m. · 4 views

Webkul Software Bagisto Security Vulnerability

Webkul Software Bagisto is an open source e-commerce framework from Indian company Webkul Software. A security vulnerability exists in Webkul Software Bagisto version v.1.5.0, which stems from an insecure direct object reference (IDOR) issue that allows an attacker to obtain sensitive information v...

CVSS 6.5 · AI score 6.4 · EPSS 0.00149
Exploits: 1 · References: 2

Positive Technologies
added 2024/02/12 12:00 a.m. · 2 views

PT-2024-13730 · Ellucian · Ellucian Banner

Name of the Vulnerable Software and Affected Versions: Ellucian Banner version 9.17
Description: The issue allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the "/StudentSelfService/ssb/studentCard/retrieveData" endpoint. This means an attacker could potentially access...

CVSS 6.5 · AI score 6.4 · EPSS 0.00283
Exploits: 1 · References: 7

CNNVD
added 2024/02/05 12:00 a.m. · 2 views

WordPress plugin Starbox security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

CVSS 4.3 · AI score 7 · EPSS 0.0032
Exploits: 0 · References: 4

Positive Technologies
added 2024/01/17 12:00 a.m. · 3 views

PT-2024-15184 · Avaya · Avaya Aura Experience Portal Manager

Name of the Vulnerable Software and Affected Versions: Avaya Aura Experience Portal Manager versions 8.0.x through 8.1.x prior to 8.1.2 patch 0402; Avaya Aura Experience Portal Manager versions prior to 8.0
Description: Insecure Direct Object Reference vulnerabilities were discovered in the Avaya...

CVSS 5.7 · AI score 4.5 · EPSS 0.00072
Exploits: 0 · References: 4

CNNVD
added 2024/01/11 12:00 a.m. · 2 views

WordPress Plugin LearnPress Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 4.3 · AI score 6.9 · EPSS 0.00149
Exploits: 0 · References: 3

CNNVD
added 2024/01/11 12:00 a.m. · 1 view

WordPress Plugin Contact Form Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 4.3 · AI score 6.8 · EPSS 0.00285
Exploits: 0 · References: 3

CNNVD
added 2024/01/11 12:00 a.m. · 3 views

WordPress Plugin WP 2FA Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 4.3 · AI score 7 · EPSS 0.00178
Exploits: 0 · References: 4

OSV
added 2024/01/03 3:15 a.m. · 3 views

CVE-2023-50342

HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. A user can obtain certain details about another user as a result of improper access control...

CVSS 4.3 · AI score 5.8 · EPSS 0.00174
Exploits: 0 · References: 1

CNNVD
added 2023/12/19 12:00 a.m. · 0 views

WordPress plugin WP Photo Album Plus security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.5 · AI score 6.8 · EPSS 0.00109
Exploits: 0 · References: 3

ATTACKERKB
added 2023/12/12 8:15 a.m. · 1 view

CVE-2023-48641

Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...

CVSS 8.8 · AI score 5.8 · EPSS 0.00009
Exploits: 0 · References: 2

OSV
added 2023/12/12 8:15 a.m. · 2 views

CVE-2023-48641

Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 1

Positive Technologies
added 2023/12/04 12:00 a.m. · 5 views

PT-2023-7927 · Hitachi Vantara · Hitachi Vantara Hnas

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara HNAS versions prior to 14.8.7825.01
Description: The issue allows authenticated users to access sensitive information through Insecure Direct Object Reference (IDOR). This can be achieved by manipulating URLs, enabling users in...

CVSS 7.8 · AI score 6.5 · EPSS 0.00293
Exploits: 5 · References: 12

Snyk
added 2023/10/13 9:30 a.m. · 1 view

Incorrect Authorization

Overview: magento/project-community-edition is an eCommerce Platform for Growth Community Edition. Affected versions of this package are vulnerable to Incorrect Authorization through the V1/customers/me endpoint. An attacker can achieve information exposure and privilege escalation by triggering an...

CVSS 8.8 · AI score 7 · EPSS 0.00692
Exploits: 0 · References: 4

CNNVD
added 2023/09/28 12:00 a.m. · 2 views

Economizzer Security Vulnerabilities

Economizzer is a simple and open source personal finance management system using PHP Yii Framework 2 by Gustavo G. Andrade, an individual developer. A security vulnerability exists in Economizzer v.0.9-beta1, which stems from an insecure direct object reference vulnerability that could allow an...

CVSS 3.7 · AI score 6.9 · EPSS 0.00297
Exploits: 1 · References: 4

Packet Storm
added 2023/08/29 12:00 a.m. · 325 views

iBilling CRM 4.5.0 Add Administrator / Insecure Direct Object Reference

Title: iBilling CRM v4.5.0 Add Admin vulnerability
Author: indoushka
Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit
...

AI score 7.1
Exploits: 0