Lucene search
K

196 matches found

Patchstack
Patchstack
added 2026/03/16 10:6 a.m.5 views

WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by daroo in WordPress Plugin Tutor LMS versions = 3.9.4...

6.5CVSS5.8AI score0.00291EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

WordPress plugin Happy Addons for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

5.4CVSS5.8AI score0.00193EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.6 views

WordPress plugin Happy Addons for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.7AI score0.00193EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.7 views

WeKan 安全漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions 8.32 and 8.33 of WeKan contain security vulnerabilities. These vulnerabilities stem from insecure direct object references, which could allow unauthorized users to modify custom fields across dashboards...

9.3CVSS5.8AI score0.00218EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.10 views

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained security...

7.1CVSS5.8AI score0.0022EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.6 views

Discourse 安全漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse before 2025.12.2, 2026.1.1, and 2026.2.0 contain security vulnerabilities. These vulnerabilities stem...

7.5CVSS5.8AI score0.00266EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:47 p.m.16 views

CVE-2026-24950

CVE-2026-24950 affects the WordPress Authorsy plugin up to version 1.0.6. The root cause is an Insecure Direct Object Reference (IDOR) resulting from an authorization bypass driven by a user-controlled key, enabling access control bypass on resources handled by Authorsy. Public data shows CVSS v3...

7.5CVSS5.5AI score0.0025EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:47 p.m.7 views

CVE-2026-22383 WordPress PawFriends - Pet Shop and Veterinary WordPress theme theme <= 1.3 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a...

7.5CVSS5.4AI score0.00271EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.27 views

CVE-2025-69394 WordPress Cnvrse plugin < 026.02.10.20 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in cnvrse Cnvrse cnvrse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cnvrse: from n/a through 026.02.10.20...

7.5CVSS0.00445EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.6 views

CVE-2025-69394 WordPress Cnvrse plugin < 026.02.10.20 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in cnvrse Cnvrse cnvrse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cnvrse: from n/a through 026.02.10.20...

7.5CVSS5.9AI score0.00445EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 8:26 a.m.10 views

CVE-2026-25324

CVE-2026-25324 involves the WordPress Quiz And Survey Master plugin (

5.3CVSS5.4AI score0.00315EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.10 views

WordPress plugin Kali Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.8AI score0.00289EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/02/17 11:46 a.m.7 views

WordPress PawFriends - Pet Shop and Veterinary WordPress theme theme <= 1.3 - Insecure Direct Object References (IDOR) vulnerability

WordPress PawFriends - Pet Shop and Veterinary WordPress theme theme = 1.3 - Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme PawFriends - Pet Shop and Veterinary WordPress Theme versions = 1.3...

5.4CVSS5.5AI score0.00271EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.6 views

WordPress plugin WCFM Marketplace – Multivendor Marketplace for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.8AI score0.00294EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.8 views

WordPress plugin WCFM Membership 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.3CVSS5.8AI score0.00256EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.7 views

Axis Camera Station Pro 安全漏洞

Axis Camera Station Pro is a video management software developed by the Swedish company Axis. There is a security vulnerability in Axis Camera Station Pro, which stems from insecure direct object references. This vulnerability may allow non-administrator users to modify or delete certain data...

5.7CVSS5.8AI score0.00186EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/06 1:30 p.m.17 views

CVE-2026-1271

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.7.2 via the 'pmuploadimage' and 'pmuploadcoverimage' AJAX actions. This is due to the updateusermeta function being called outsi...

5.3CVSS5.4AI score0.00315EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 2:8 p.m.3 views

CVE-2026-24991 WordPress Extensions For CF7 plugin <= 3.4.0 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extensions For CF7: from n/a through = 3.4.0...

5.3CVSS5.3AI score0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 7:31 a.m.30 views

CVE-2026-1375 Tutor LMS <= 3.9.5 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object References IDOR in all versions up to, and including, 3.9.5. This is due to missing object-level authorization checks in the courselistbulkaction, bulkdeletecourse, and...

8.1CVSS0.00345EPSS
Exploits1References5
CVE
CVE
added 2026/01/23 2:29 p.m.10 views

CVE-2026-24634

CVE-2026-24634 is an Authorization Bypass vulnerability in Rustaurius Ultimate Reviews (WordPress plugin “Ultimate Reviews”). Public records indicate it affects Ultimate Reviews versions up to and including 3.2.16, arising from Incorrectly Configured Access Control Security Levels and a user-cont...

5.3CVSS5.4AI score0.00203EPSS
Exploits0References1
Rows per page
Query Builder