Lucene search

704 matches found

CNNVD
added 2024/10/29 12:0 a.m. · 3 views

Lunary access control error vulnerability

Lunary is an open source production toolkit for LLMs. An access control error vulnerability exists in Lunary, which stems from an insecure direct object reference (IDOR) vulnerability that can be exploited by an attacker to manipulate the id parameter in a request URL to view or delete an...

CVSS 9.1 · AI score 6.7 · EPSS 0.00477
Exploits 1 · References 2
CVE
added 2024/10/17 3:32 a.m. · 91 views

CVE-2024-9263

WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin for WordPress (versions

CVSS 9.8 · AI score 9.6 · EPSS 0.01146
Exploits 0 · References 4
CNNVD
added 2024/10/17 12:0 a.m. · 3 views

WordPress plugin PublishPress Authors security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.8 · AI score 6.6 · EPSS 0.00498
Exploits 0 · References 4
Patchstack
added 2024/10/16 2:7 p.m. · 5 views

WordPress PublishPress Authors plugin <= 4.7.1 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary User Email Update and Account Takeover vulnerability

Insecure Direct Object Reference to Authenticated (Author+) Arbitrary User Email Update and Account Takeover vulnerability discovered by wesley wcraft in WordPress Plugin PublishPress Authors versions <= 4.7.1...

CVSS 8.8 · AI score 7 · EPSS 0.00498
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/10/16 12:0 a.m. · 4 views

PT-2024-39496 · WordPress · Publishpress Authors

Name of the Vulnerable Software and Affected Versions: PublishPress Authors plugin for WordPress versions up to, and including, 4.7.1. Description: The issue is related to Insecure Direct Object Reference, which can lead to Privilege Escalation and Account Takeover. This is due to missing validati...

CVSS 8.8 · AI score 7.4 · EPSS 0.00498
Exploits 0 · References 11
Positive Technologies
added 2024/10/14 12:0 a.m. · 3 views

PT-2024-32021 · Unknown · Kubesphere +1

Name of the Vulnerable Software and Affected Versions: KubeSphere versions 3.x through 3.4.1; KubeSphere versions 4.x through 4.1.1; KubeSphere Enterprise versions 3.x through 3.5.0; KubeSphere Enterprise versions 4.x through 4.1.3. Description: An Insecure Direct Object Reference (IDOR) vulnerability...

CVSS 9.8 · AI score 6 · EPSS 0.89633
Exploits 15 · References 40
Positive Technologies
added 2024/09/26 12:0 a.m. · 3 views

PT-2024-28443 · Aimeos · Aimeos/Ai-Controller-Frontend

Name of the Vulnerable Software and Affected Versions: aimeos/ai-controller-frontend versions prior to 2024.4.2; aimeos/ai-controller-frontend versions prior to 2023.10.9; aimeos/ai-controller-frontend versions prior to 2022.10.8; aimeos/ai-controller-frontend versions prior to 2021.10.8...

CVSS 6.9 · AI score 5.5 · EPSS 0.00473
Exploits 0 · References 18
Positive Technologies
added 2024/09/24 12:0 a.m. · 3 views

PT-2024-38918 · WordPress +1 · Bookings Subscription Listings Compatible +1

Name of the Vulnerable Software and Affected Versions: WCFM – Frontend Manager for WooCommerce versions up to, and including, 6.7.12. Description: The issue is related to Insecure Direct Object Reference, which affects the WCFM – Frontend Manager for WooCommerce along with the Bookings Subscriptio...

CVSS 8.8 · AI score 6.7 · EPSS 0.00586
Exploits 0 · References 11
Positive Technologies
added 2024/09/12 12:0 a.m. · 4 views

PT-2024-20853 · Unknown · Mirapolis Lms

Name of the Vulnerable Software and Affected Versions: Mirapolis LMS version 4.6.XX. Description: An issue in Mirapolis LMS allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the...

CVSS 4.3 · AI score 6.6 · EPSS 0.00384
Exploits 0 · References 7
CNNVD
added 2024/09/12 12:0 a.m. · 4 views

Mirapolis LMS security vulnerability

Mirapolis LMS is a modern distance learning management system from Mirapolis. A security vulnerability exists in Mirapolis LMS 4.6.XX that stems from an insecure direct object reference (IDOR) that allows an authenticated user to expose sensitive user data by manipulating the ID parameter and...

CVSS 4.3 · AI score 6.5 · EPSS 0.00384
Exploits 0 · References 2
CNNVD
added 2024/09/06 12:0 a.m. · 2 views

WordPress plugin ForumWP security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 8.8 · AI score 6.5 · EPSS 0.00485
Exploits 0 · References 3
CNNVD
added 2024/09/04 12:0 a.m. · 4 views

WordPress plugin WP Extended security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 5.4 · AI score 6.6 · EPSS 0.00309
Exploits 0 · References 4
Patchstack
added 2024/08/30 2:46 a.m. · 5 views

WordPress Tutor LMS Pro plugin <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability

Missing Authorization to Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability discovered by Thanh Nam Tran in WordPress Plugin Tutor LMS Pro versions <= 2.7.2...

CVSS 7.1 · AI score 7 · EPSS 0.00355
Exploits 0 · References 1 · Affected Software 1
Github Security Blog
added 2024/08/27 7:54 p.m. · 29 views

Directus has an insecure object reference via PATH presets

Impact: Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the POST /presets request but not in the PATCH request. When chained with...

CVSS 4.3 · AI score 4.5 · EPSS 0.00326
Exploits 0 · References 5 · Affected Software 1
Patchstack
added 2024/08/20 8:2 a.m. · 3 views

WordPress Zephyr Project Manager plugin <= 3.3.102 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin Zephyr Project Manager versions <= 3.3.102...

CVSS 7.1 · AI score 7 · EPSS 0.00321
Exploits 0 · Affected Software 1
Vulnrichment
added 2024/08/15 3:10 a.m. · 15 views

CVE-2024-6534 Directus 10.13.0 - Insecure object reference via PATH presets

Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with...

CVSS 4.3 · AI score 6.8 · EPSS 0.00326
Exploits 0 · References 2
Cvelist
added 2024/08/15 3:10 a.m. · 29 views

CVE-2024-6534 Directus 10.13.0 - Insecure object reference via PATH presets

Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with...

CVSS 4.3 · EPSS 0.00326
Exploits 0 · References 2
Patchstack
added 2024/08/12 11:37 a.m. · 3 views

WordPress Masteriyo LMS plugin <= 1.11.4 - Insecure Direct Object Reference (IDOR) vulnerability

Insecure Direct Object Reference (IDOR) vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Masteriyo - LMS versions <= 1.11.4...

CVSS 8.1 · AI score 7 · EPSS 0.00292
Exploits 0 · Affected Software 1
Positive Technologies
added 2024/08/06 12:0 a.m. · 3 views

PT-2024-37562 · Opentext · Opentext Arcsight Intelligence

Name of the Vulnerable Software and Affected Versions: OpenText ArcSight Intelligence (affected versions not specified). Description: A security issue has been identified in OpenText ArcSight Intelligence, related to an Insecure Direct Object Reference. Recommendations: At the moment, there is no...

CVSS 8.8 · AI score 7 · EPSS 0.00276
Exploits 0 · References 3
OSV
added 2024/07/19 11:15 a.m. · 4 views

CVE-2024-5977

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled key. This makes it possible for authenticated...

CVSS 5.4 · AI score 5.9 · EPSS 0.00428
Exploits 0 · References 3