701 matches found
CVE-2017-20223
Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrie...
CVE-2017-20223
Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrie...
PT-2026-25667
Insecure Direct Object Reference IDOR vulnerability in Campus Educativa specifically at the endpoint '/administracion/admin usuarios.cgi?filtro estado=T&wAccion=listado xlsx&wBuscar=&wFiltrar=&wOrden=alta usuario&wid cursoActual=ID' where the data of users enrolled in the course is exported...
CVE-2026-1883 Wicked Folders <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion
The Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the deletefolders function due to missing validation on a user controlled key. This makes it possibl...
PT-2026-25528
The Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the delete folders function due to missing validation on a user controlled key. This makes it possib...
CVE-2026-2257
The GetGenie WordPress plugin
CVE-2026-2879
The CVE-2026-2879 entry concerns GetGenie (WordPress) plugin
CVE-2026-1704 Appointment Booking Calendar <= 1.6.9.29 - Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. This is due to the getitempermissionscheck method granting access to users with the...
CVE-2026-1992
The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the storesettings method in the ExactMetricsOnboarding class accepting a user-supplied triggeredby parameter that is used instead of...
CVE-2026-1992
The vulnerability CVE-2026-1992 affects the ExactMetrics – Google Analytics Dashboard for WordPress plugin (versions 8.6.0–9.0.2). Root cause: the store_settings() method in ExactMetrics_Onboarding uses a user-supplied triggered_by parameter to identify the user, instead of the current user’s ID,...
CVE-2026-2917
The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haduplicatething admin action handler. This is due to the canclone method only checking currentusercan'editposts' a general capability without...
CVE-2026-2917 Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter
The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haduplicatething admin action handler. This is due to the canclone method only checking currentusercan'editposts' a general capability without...
WordPress ProfilePress plugin <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration vulnerability
Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary Subscription Cancellation/Expiration vulnerability discovered by kai63001 in WordPress Plugin ProfilePress versions = 4.16.11...
Craft Commerce 安全漏洞
Craft Commerce is an e-commerce platform developed under the open-source Craft CMS framework. Versions prior to 4.11.0 and 5.6.0 of Craft Commerce contained security vulnerabilities. These vulnerabilities stemmed from a lack of ownership verification in the shopping cart functionality, which coul...
PT-2026-24598
The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the ha duplicate thing admin action handler. This is due to the can clone method only checking current user can'edit posts' a general capability...
CVE-2026-25045 Budibase Critical Privilege Escalation & IDOR via Missing RBAC on User Role Management (Creator-Role)
Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR Insecure Direct Object Reference due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who...
CVE-2026-25045 Budibase Critical Privilege Escalation & IDOR via Missing RBAC on User Role Management (Creator-Role)
Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR Insecure Direct Object Reference due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who...
EUVD-2026-10438
Admidio: Event participation IDOR - non-leaders can register other users for events via useruuid parameter...
PT-2026-24107
Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR Insecure Direct Object Reference due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who...
CVE-2026-2371
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 12.8.3. This is due to missing authorization and post status validation in the gspbelreusableload AJAX handler. The handler accepts an...