704 matches found

CNNVD
added 2024/06/29 12:0 a.m. · 2 views

WordPress plugin Page and Post Clone security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 5.4 · AI score 6.6 · EPSS 0.0031
Exploits 0 · References 4
Patchstack
added 2024/06/28 7:30 a.m. · 4 views

WordPress Paid Memberships Pro plugin <= 3.0.4 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Paid Memberships Pro versions <= 3.0.4...

CVSS 9.8 · AI score 7 · EPSS 0.00661
Exploits 0 · Affected Software 1
Patchstack
added 2024/06/20 7:4 p.m. · 3 views

WordPress User Profile Picture plugin <= 2.6.1 - Authenticated Insecure Direct Object Reference to Profile Picture Update vulnerability

Authenticated Insecure Direct Object Reference to Profile Picture Update vulnerability discovered by JoanClarke2 in WordPress Plugin User Profile Picture versions <= 2.6.1...

CVSS 4.3 · AI score 7 · EPSS 0.0041
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2024/05/14 12:0 a.m. · 2 views

Globitel SpeechLog Analytics security vulnerability

Globitel SpeechLog Analytics is a speech analysis module from Globitel. A security vulnerability exists in Globitel SpeechLog Analytics version v8.1, which stems from the discovery of an insecure direct object reference (IDOR) contained via the userID parameter...

CVSS 7.5 · AI score 6.8 · EPSS 0.00618
Exploits 0 · References 2
OSV
added 2024/04/19 2:15 p.m. · 1 views

CVE-2024-32166

Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended (horizontal privilege escalation)...

CVSS 8.8 · AI score 5.8 · EPSS 0.00738
Exploits 1 · References 1
Positive Technologies
added 2024/04/19 12:0 a.m. · 3 views

PT-2024-24453 · Webid · Webid

Name of the Vulnerable Software and Affected Versions: Webid version 1.2.1 Description: The issue allows attackers to exploit an Insecure Direct Object Reference (IDOR) vulnerability, which is a type of Broken Access Control vulnerability. This enables horizontal privilege escalation, permitting...

CVSS 8.8 · AI score 7 · EPSS 0.00738
Exploits 1 · References 4
OSV
added 2024/04/18 11:15 a.m. · 2 views

CVE-2023-6897

The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the 'algwceanproductmeta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 5.8 · EPSS 0.00375
Exploits 0 · References 2
Patchstack
added 2024/04/17 3:20 a.m. · 3 views

WordPress FileBird plugin <= 5.6.3 - Authenticated (Author+) Insecure Direct Object Reference vulnerability

Authenticated (Author+) Insecure Direct Object Reference vulnerability discovered by Tim Coen in WordPress Plugin Filebird versions <= 5.6.3...

CVSS 5.4 · AI score 7 · EPSS 0.00308
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2024/04/15 12:0 a.m. · 1 views

Lunary security vulnerability

lunary is a production toolkit for LLM. An insecure direct object reference vulnerability exists in lunary, which stems from an endpoint that does not validate that a supplied project ID belongs to a currently authenticated user, and can be exploited by an attacker to cause unauthorized...

CVSS 9.1 · AI score 6.6 · EPSS 0.00479
Exploits 1 · References 4
OSV
added 2024/04/09 7:15 p.m. · 3 views

CVE-2024-1289

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to...

CVSS 5.4 · AI score 5.8 · EPSS 0.00391
Exploits 0 · References 2
Patchstack
added 2024/04/05 12:39 a.m. · 3 views

WordPress LearnPress plugin <= 4.2.6.3 - Insecure Direct Object Reference vulnerability

Insecure Direct Object Reference vulnerability discovered by drop in WordPress Plugin LearnPress versions <= 4.2.6.3...

CVSS 6.5 · AI score 7 · EPSS 0.00391
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/03/29 12:0 a.m. · 6 views

PT-2024-22678 · Unknown · Jumpserver

Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.10.6 Description: The issue allows an authenticated user to exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files,...

CVSS 5.3 · AI score 7.1 · EPSS 0.00235
Exploits 0 · References 5
OSV
added 2024/03/13 4:15 p.m. · 5 views

CVE-2023-6969

The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the usermeta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level...

CVSS 4.3 · AI score 5.8
Exploits 0 · References 2
CNNVD
added 2024/03/13 12:0 a.m. · 6 views

Webkul Software Bagisto Security Vulnerability

Webkul Software Bagisto is an open source e-commerce framework from Indian company Webkul Software. A security vulnerability exists in Webkul Software Bagisto version v.1.5.0, which stems from an insecure direct object reference (IDOR) issue that allows an attacker to obtain sensitive information v...

CVSS 6.5 · AI score 6.4 · EPSS 0.00541
Exploits 1 · References 2
Positive Technologies
added 2024/03/13 12:0 a.m. · 3 views

PT-2024-12552 · Bagisto · Bagisto

Name of the Vulnerable Software and Affected Versions: Bagisto versions 1.5.0 through 1.5.1 Description: The issue allows an attacker to obtain sensitive information via the invoice ID parameter, which is an example of an Insecure Direct Object Reference (IDOR). This means that an attacker can...

CVSS 6.5 · AI score 6.7 · EPSS 0.00541
Exploits 1 · References 8
Positive Technologies
added 2024/02/12 12:0 a.m. · 7 views

PT-2024-13730 · Ellucian · Ellucian Banner

Name of the Vulnerable Software and Affected Versions: Ellucian Banner version 9.17 Description: The issue allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the "/StudentSelfService/ssb/studentCard/retrieveData" endpoint. This means an attacker could potentially access...

CVSS 6.5 · AI score 6.4 · EPSS 0.00589
Exploits 1 · References 7
CNNVD
added 2024/02/05 12:0 a.m. · 4 views

WordPress plugin Starbox security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

CVSS 4.3 · AI score 7 · EPSS 0.00576
Exploits 0 · References 4
Positive Technologies
added 2024/01/17 12:0 a.m. · 3 views

PT-2024-15184 · Avaya · Avaya Aura Experience Portal Manager

Name of the Vulnerable Software and Affected Versions: Avaya Aura Experience Portal Manager versions 8.0.x through 8.1.x prior to 8.1.2 patch 0402 Avaya Aura Experience Portal Manager versions prior to 8.0 Description: Insecure Direct Object Reference vulnerabilities were discovered in the Avaya...

CVSS 5.7 · AI score 4.5 · EPSS 0.00335
Exploits 0 · References 4
CNNVD
added 2024/01/11 12:0 a.m. · 3 views

WordPress Plugin WP 2FA Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 4.3 · AI score 7 · EPSS 0.0047
Exploits 0 · References 4
CNNVD
added 2024/01/11 12:0 a.m. · 2 views

WordPress Plugin Contact Form Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 4.3 · AI score 6.8 · EPSS 0.00349
Exploits 0 · References 3