951 matches found
CVE-2026-56013
The CVE describes an unauthenticated Insecure Direct Object References (IDOR) in the WordPress License Manager for WooCommerce plugin, affected versions up to 3.0.15. The vulnerability stems from insecure direct object references that could allow unauthenticated access to license data. Connected ...
WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Jakub Herman in WordPress Plugin Payment Gateway Based Fees and Discounts for WooCommerce versions = 3.0.0...
PT-2026-52427
Name of the Vulnerable Software and Affected Versions License Manager for WooCommerce versions prior to 3.0.16 Description An unauthenticated Insecure Direct Object Reference IDOR exists in the software. IDOR is a type of access control vulnerability that occurs when an application provides direc...
WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by dodoh4t in WordPress Plugin License Manager for WooCommerce versions = 3.0.15...
EUVD-2026-37604
Unauthenticated Insecure Direct Object References IDOR in Salon booking system = 10.30.24 versions...
WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by HieuPenguinnn in WordPress Plugin SupportCandy versions = 3.4.6...
CVE-2026-54184
Unauthenticated Insecure Direct Object References IDOR in Clean Login = 1.15 versions...
CVE-2026-40768
Unauthenticated Insecure Direct Object References IDOR in Salon booking system = 10.30.24 versions...
CVE-2025-15657 WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in School Management = 93.1.0 versions...
CVE-2026-54184
The CVE concerns WordPress plugin Clean Login prior to or up to version 1.15 with an Unauthenticated Insecure Direct Object References (IDOR) vulnerability. The root cause is an IDOR issue in the plugin, potentially exposing object identifiers to unauthenticated users. CVSS 3.1 metrics indicate h...
CVE-2026-54184 WordPress Clean Login plugin <= 1.15 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in Clean Login = 1.15 versions...
CVE-2026-40768
The CVE covers WordPress Salon booking system plugin versions
CVE-2026-40768 WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in Salon booking system = 10.30.24 versions...
EUVD-2026-36995
Subscriber Insecure Direct Object References IDOR in KiviCare = 4.2.1 versions...
EUVD-2026-36955
Subscriber Insecure Direct Object References IDOR in EventPrime = 4.3.0.0 versions...
EUVD-2025-210157
Custom role Insecure Direct Object References IDOR in Projectopia = 5.1.25.2 versions...
CVE-2026-52699
Unauthenticated Insecure Direct Object References IDOR in VikRentCar = 1.4.5 versions...
CVE-2026-48868
Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...
CVE-2026-40792
Subscriber Insecure Direct Object References IDOR in KiviCare = 4.2.1 versions...
CVE-2025-59133
Custom role Insecure Direct Object References IDOR in Projectopia = 5.1.25.2 versions...