196 matches found
WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by daroo in WordPress Plugin Tutor LMS versions = 3.9.4...
WordPress plugin Happy Addons for Elementor 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
WordPress plugin Happy Addons for Elementor 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WeKan 安全漏洞
WeKan is an open-source dashboard application developed by WeKan. Versions 8.32 and 8.33 of WeKan contain security vulnerabilities. These vulnerabilities stem from insecure direct object references, which could allow unauthorized users to modify custom fields across dashboards...
OpenEMR 安全漏洞
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained security...
Discourse 安全漏洞
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse before 2025.12.2, 2026.1.1, and 2026.2.0 contain security vulnerabilities. These vulnerabilities stem...
CVE-2026-24950
CVE-2026-24950 affects the WordPress Authorsy plugin up to version 1.0.6. The root cause is an Insecure Direct Object Reference (IDOR) resulting from an authorization bypass driven by a user-controlled key, enabling access control bypass on resources handled by Authorsy. Public data shows CVSS v3...
CVE-2026-22383 WordPress PawFriends - Pet Shop and Veterinary WordPress theme theme <= 1.3 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a...
CVE-2025-69394 WordPress Cnvrse plugin < 026.02.10.20 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in cnvrse Cnvrse cnvrse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cnvrse: from n/a through 026.02.10.20...
CVE-2025-69394 WordPress Cnvrse plugin < 026.02.10.20 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in cnvrse Cnvrse cnvrse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cnvrse: from n/a through 026.02.10.20...
CVE-2026-25324
CVE-2026-25324 involves the WordPress Quiz And Survey Master plugin (
WordPress plugin Kali Forms 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress PawFriends - Pet Shop and Veterinary WordPress theme theme <= 1.3 - Insecure Direct Object References (IDOR) vulnerability
WordPress PawFriends - Pet Shop and Veterinary WordPress theme theme = 1.3 - Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme PawFriends - Pet Shop and Veterinary WordPress Theme versions = 1.3...
WordPress plugin WCFM Marketplace – Multivendor Marketplace for WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress plugin WCFM Membership 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
Axis Camera Station Pro 安全漏洞
Axis Camera Station Pro is a video management software developed by the Swedish company Axis. There is a security vulnerability in Axis Camera Station Pro, which stems from insecure direct object references. This vulnerability may allow non-administrator users to modify or delete certain data...
CVE-2026-1271
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.7.2 via the 'pmuploadimage' and 'pmuploadcoverimage' AJAX actions. This is due to the updateusermeta function being called outsi...
CVE-2026-24991 WordPress Extensions For CF7 plugin <= 3.4.0 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extensions For CF7: from n/a through = 3.4.0...
CVE-2026-1375 Tutor LMS <= 3.9.5 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object References IDOR in all versions up to, and including, 3.9.5. This is due to missing object-level authorization checks in the courselistbulkaction, bulkdeletecourse, and...
CVE-2026-24634
CVE-2026-24634 is an Authorization Bypass vulnerability in Rustaurius Ultimate Reviews (WordPress plugin “Ultimate Reviews”). Public records indicate it affects Ultimate Reviews versions up to and including 3.2.16, arising from Incorrectly Configured Access Control Security Levels and a user-cont...