87 matches found

CVE
added 2026/02/18 12:00 a.m., 6 views

CVE-2025-70063

The Medical History module of PHPGurukul Hospital Management System v4.0 exposes an Insecure Direct Object Reference (IDOR) vulnerability. The application does not verify that the requested viewid belongs to the currently authenticated patient, allowing an attacker to enumerate viewid values to a...

6.5 CVSS, 5.5 AI score, 0.00044 EPSS
Exploits 1, References 2, Affected Software 1
RedhatCVE
added 2026/02/09 1:33 a.m., 0 views

CVE-2026-25567

WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...

5.3 CVSS, 5.3 AI score, 0.00012 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/02/09 12:00 a.m., 3 views

PT-2026-7195

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvm Memberships Payment Controller::processing' due to missing validation on a user controlled...

4.3 CVSS, 5.5 AI score, 0.00012 EPSS
Exploits 0, References 4
ATTACKERKB
added 2026/02/07 9:58 p.m., 4 views

CVE-2026-25567

WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...

5.3 CVSS, 5.3 AI score, 0.00012 EPSS
Exploits 0, References 4
Cvelist
added 2026/02/05 9:13 a.m., 24 views

CVE-2026-1271 ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.7.2 via the 'pmuploadimage' and 'pmuploadcoverimage' AJAX actions. This is due to the updateusermeta function being called outsi...

5.3 CVSS, 0.00018 EPSS
Exploits 0, References 6
CVE
added 2026/02/03 3:24 a.m., 13 views

CVE-2026-0909

The CVE-2026-0909 entry concerns the WordPress WP ULike plugin (all versions up to 4.8.3.1). The vulnerability is Insecure Direct Object Reference via the wp_ulike_delete_history_api AJAX action, which does not verify that the history log being deleted belongs to the current user. This can allow ...

5.3 CVSS, 5.5 AI score, 0.00015 EPSS
Exploits 0, References 4
OSV
added 2026/01/31 8:43 a.m., 2 views

BIT-MASTODON-2026-23964 Mastodon has insufficient access control to push notification settings

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, an insecure direct object reference in the web push subscription update endpoint lets any authenticated user update another user's push subscription by guessing or obtaining th...

6.5 CVSS, 5.9 AI score, 0.00069 EPSS
Exploits 0, References 5
Cvelist
added 2026/01/23 11:38 p.m., 28 views

CVE-2026-24136 Saleor has an Insecure Direct Object Reference (IDOR) in GraphQL API

Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have an Insecure Direct Object Reference IDOR vulnerability that allows unauthenticated actors to extract sensitive information in plain text. Orders created before Saleor...

8.7 CVSS, 0.00018 EPSS
Exploits 0, References 5
CVE
added 2026/01/23 11:38 p.m., 11 views

CVE-2026-24136

CVE-2026-24136 affects Saleor, a commerce platform. An IDOR in the GraphQL order() query allows unauthenticated actors to exfiltrate sensitive information (PII) from orders created before 3.2.0. Affected versions span 3.2.0–3.20.109, 3.21.0-a.0–3.21.44, and 3.22.0-a.0–3.22.28. Remediation: upgrad...

8.7 CVSS, 5.5 AI score, 0.00018 EPSS
Exploits 0, References 5, Affected Software 1
ATTACKERKB
added 2026/01/19 8:43 p.m., 2 views

CVE-2026-23844

Whisper Money is a personal finance application. Versions prior to 0.1.5 have an insecure direct object reference vulnerability. A user can update/create account balances in other users' bank accounts. Version 0.1.5 fixes the issue...

7.1 CVSS, 5.4 AI score, 0.00045 EPSS
Exploits 0, References 4, Affected Software 1
RedhatCVE
added 2026/01/09 11:11 a.m., 6 views

CVE-2016-10930

The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number...

9.8 CVSS, 7 AI score, 0.00841 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/12/19 1:09 p.m., 2 views

CVE-2025-13110

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.3 via the "woof_add_subscr" function due to missing validation on a user controlled key. This makes it possible for authenticat...

4.3 CVSS, 5.8 AI score, 0.00034 EPSS
Exploits 0, References 1
CVE
added 2025/12/18 12:22 p.m., 5 views

CVE-2025-13110

CVE-2025-13110 affects the HUSKY – Products Filter Professional for WooCommerce (WordPress). It is an Insecure Direct Object Reference via the woof_add_subscr function due to missing validation on a user-controlled key, enabling authenticated attackers with subscriber-level access or higher to cr...

4.3 CVSS, 5.4 AI score, 0.00034 EPSS
Exploits 0, References 3
OSV
added 2025/12/17 8:15 p.m., 1 view

CVE-2025-34436

AVideo versions prior to 20.1 allow any authenticated user to upload files into directories belonging to other users due to an insecure direct object reference. The upload functionality verifies authentication but does not enforce ownership checks...

8.8 CVSS, 6.8 AI score
Exploits 0, References 4
RedhatCVE
added 2025/12/05 8:32 p.m., 3 views

CVE-2025-12997

Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: befo...

3.1 CVSS, 6.5 AI score, 0.00025 EPSS
Exploits 0, References 1
Patchstack
added 2025/11/24 7:27 a.m., 3 views

WordPress OneClick Chat to Order plugin <= 1.0.8 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure vulnerability discovered by Md Shofiur Rahman - Pentest Testing Corp in WordPress Plugin OneClick Chat to Order versions <= 1.0.8...

7.5 CVSS, 7 AI score, 0.0005 EPSS
Exploits 0, References 1, Affected Software 1
EUVD
added 2025/11/21 3:31 p.m., 2 views

EUVD-2025-198487

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.9 via the 'ehcrmticketsingleviewclient' due to missing validation on a user controlled key. This makes it possible for...

4.3 CVSS, 5.1 AI score, 0.00034 EPSS
Exploits 0, References 4
NVD
added 2025/11/21 8:15 a.m., 2 views

CVE-2025-12086

The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the 'wpsrmacancelreturnrequest' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for...

4.3 CVSS, 0.00036 EPSS
Exploits 0, References 2
CNNVD
added 2025/11/19 12:00 a.m., 6 views

Rallly security vulnerability

Rallly is a scheduling and collaboration tool from Luke Vella Individual Developer designed to make it easier to organize events and meetings. A security vulnerability exists in Rallly versions prior to 4.5.4 that stems from the presence of an insecure direct object reference in the vote...

6.5 CVSS, 6.5 AI score, 0.00053 EPSS
Exploits 1, References 3
RedhatCVE
added 2025/11/13 5:07 a.m., 4 views

CVE-2025-12833

The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'postattachmentupload' function due to missing validation on a user controlled key. This...

4.3 CVSS, 5.6 AI score, 0.00045 EPSS
Exploits 0, References 1