704 matches found
Anapi h6web security vulnerability
Anapi h6web is a management software from Anapi. A security vulnerability exists in Anapi h6web that stems from the presence of an insecure direct object reference vulnerability that could lead to an attacker obtaining information about other users...
PT-2025-6823 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 15.7 through 17.6.5; GitLab EE versions 17.7 through 17.7.4; GitLab EE versions 17.8 through 17.8.2. Description: An insecure direct object reference vulnerability exists in GitLab EE. This issue allows an attacker to view...
WordPress Majestic Support plugin <= 1.0.5 - Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability
Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability discovered by Tim Coen in WordPress Plugin Majestic Support versions <= 1.0.5...
CVE-2024-9263
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save due to missing validation on a user...
WordPress plugin JS Help Desk security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-13425
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the enforcedelete function due to missing validation on a user controlled key. This makes it...
WordPress plugin WP Job Portal security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin WP Job Portal security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-1760 · WordPress · Wp Job Portal
Name of the Vulnerable Software and Affected Versions: WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress versions up to, and including, 2.2.5. Description: The issue is related to Insecure Direct Object Reference due to missing validation on a user...
WordPress Themes Coder plugin <= 1.3.4 - Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation vulnerability
Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Themes Coder versions <= 1.3.4...
WordPress WP Job Portal plugin <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability
Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability discovered by Apostolos Sakellariou in WordPress Plugin WP Job Portal versions <= 2.2.4...
Oqtane Framework security vulnerability
Oqtane Framework is an open source content management system (CMS) and application framework from Oqtane Open Source. A security vulnerability exists in Oqtane Framework version 6.0.0, which stems from an insecure direct object reference that allows a logged-in user to access other users' messages ...
PT-2025-3275 · One Identity · One Identity Identity Manager
Name of the Vulnerable Software and Affected Versions: One Identity Identity Manager versions prior to 9.3. Description: An insecure direct object reference (IDOR) issue allows privilege escalation. Only On-Premise installations are affected. The vulnerability can be exploited by a remote attacker t...
SUSE CVE-2024-46528
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks...
Online Birth Certificate System Insecure Direct Object Reference Vulnerability
Online Birth Certificate System is an online birth certificate system. The Online Birth Certificate System suffers from an insecure direct object reference vulnerability that stems from a lack of proper authorization checking of the viewid parameter in the /user/view-application-detail.php file. ...
PT-2024-17596 · WordPress · Get Post Content Shortcode
Name of the Vulnerable Software and Affected Versions: Get Post Content Shortcode plugin for WordPress versions up to, and including, 0.4. Description: The issue is related to Insecure Direct Object Reference. This is due to missing validation on a user-controlled key in the 'post-content'...
WordPress WPCasa plugin <= 1.2.13 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Manab Jyoti Dowarah (Patchstack Alliance) in WordPress Plugin WPCasa versions <= 1.2.13...
AbsysNET security vulnerability
AbsysNET is an open source library online management system from Library Technology Guides. A security vulnerability exists in AbsysNet version 2.3.1, which stems from an insecure direct object reference that allows an attacker to obtain an unauthenticated user session by brute-force attacking th...
PT-2024-9175 · Absysnet · Absysnet
Name of the Vulnerable Software and Affected Versions: AbsysNet version 2.3.1. Description: An IDOR (Insecure Direct Object Reference) vulnerability has been discovered, which could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session identifi...
PHPGurukul Beauty Parlour Management System security vulnerability
Beauty Parlour Management System is an application system. The Beauty Parlour Management System suffers from an insecure direct object reference vulnerability that could be exploited by an attacker to gain access to personally identifiable information of other customers...