943 matches found

Patchstack
added 2024/10/25 12:0 a.m. | 14 views

WordPress WPSchoolPress Plugin <= 2.2.10 is vulnerable to Insecure Direct Object References (IDOR)

Software: WPSchoolPress; Type: Plugin; Vulnerable versions: <= 2.2.10; Fixed in: 2.2.11; OWASP Top 10: A3: Injection; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-9637; Patch priority: Low; CVSS severity: Low 8.8; Developer: Claim ownership; PSID: d50363b8f523; Credits: wesley wcraft; Required...

CVSS 8.8 | AI score 8.8 | EPSS 0.00489
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2024/10/05 12:27 p.m. | 12 views

CVE-2024-47316 WordPress Salon Booking Wordpress Plugin plugin <= 10.9 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Salon Booking System Salon booking system. This issue affects Salon booking system: from n/a through 10.9...

CVSS 4.3 | AI score 6.9 | EPSS 0.00333
Exploits 0 | References 1

Veracode
added 2024/10/01 9:8 a.m. | 7 views

Insecure Direct Object Reference (IDOR)

aimeos/ai-controller-frontend is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to a lack of proper access control and authorization checks, allowing attackers to manipulate object references like user IDs without verification...

CVSS 5.3 | AI score 6.6 | EPSS 0.00473
Exploits 0 | References 12 | Affected Software 1

Patchstack
added 2024/09/25 10:59 a.m. | 4 views

WordPress Salon Booking Wordpress Plugin plugin <= 10.9 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by Sharanabasappa (Patchstack Alliance) in WordPress Plugin Salon booking system versions <= 10.9...

CVSS 8.8 | AI score 7 | EPSS 0.00333
Exploits 0 | Affected Software 1

Patchstack
added 2024/09/25 12:0 a.m. | 13 views

WordPress Salon booking system Plugin <= 10.9 is vulnerable to Insecure Direct Object References (IDOR)

Software: Salon booking system; Type: Plugin; Vulnerable versions: <= 10.9; Fixed in: 10.9.1; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-47316; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: ecb95cdb72ad; Credits...

CVSS 8.8 | AI score 6.4 | EPSS 0.00333
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/09/24 12:0 a.m. | 13 views

WordPress HUSKY Plugin <= 1.3.6.1 is vulnerable to Insecure Direct Object References (IDOR)

Software: HUSKY; Type: Plugin; Vulnerable versions: <= 1.3.6.1; Fixed in: 1.3.6.2; OWASP Top 10: A4: Insecure Design; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-7491; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: f141f252795c; Credits: shaman0x01; Required...

CVSS 5.3 | AI score 6.6 | EPSS 0.00275
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2024/09/18 12:0 a.m. | 6 views

The vulnerability of the libxml2 library stems from an improper limitation on XML references to external objects, which allows attackers to gain access to arbitrary files on the server or perform network scanning of internal and external infrastructure.

The vulnerability of the libxml2 library is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to gain access to arbitrary files on the server or perform network scanning of internal and external infrastructure...

CVSS 9.4 | AI score 7 | EPSS 0.01192
Exploits 0 | References 4 | Affected Software 1

CNNVD
added 2024/09/17 12:0 a.m. | 5 views

TYPO3 security vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 version 12.4.0 and earlier, which stems from an inability to validate the mail parameter of createAction, resulting in insecure direct object...

CVSS 7.5 | AI score 6.5 | EPSS 0.00485
Exploits 0 | References 3

Patchstack
added 2024/09/06 12:0 a.m. | 19 views

WordPress WP-Recall Plugin <= 16.26.8 is vulnerable to Insecure Direct Object References (IDOR)

Software: WP-Recall; Type: Plugin; Vulnerable versions: <= 16.26.8; Fixed in: 16.26.9; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-8292; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 49cff2ea1861; Credits: wesley wcraft...

CVSS 9.8 | AI score 6.5 | EPSS 0.00603
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2024/08/28 12:0 a.m. | 10 views

TYPO3 security vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 that stems from an inability to validate email parameters that confirm an operation, resulting in an insecure direct object reference...

CVSS 7.3 | AI score 6.5 | EPSS 0.00297
Exploits 0 | References 4

Vulnrichment
added 2024/08/26 8:23 p.m. | 25 views

CVE-2024-43916 WordPress Zephyr Project Manager plugin <= 3.3.102 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager. This issue affects Zephyr Project Manager: from n/a through 3.3.102...

CVSS 4.3 | AI score 7 | EPSS 0.00321
Exploits 0 | References 1

Cvelist
added 2024/08/26 8:23 p.m. | 25 views

CVE-2024-43916 WordPress Zephyr Project Manager plugin <= 3.3.102 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager. This issue affects Zephyr Project Manager: from n/a through 3.3.102...

CVSS 4.3 | EPSS 0.00321
Exploits 0 | References 1

Cvelist
added 2024/08/18 9:34 p.m. | 19 views

CVE-2024-43266 WordPress WP Job Portal plugin <= 2.1.8 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal. This issue affects WP Job Portal: from n/a through <= 2.1.8...

CVSS 5.4 | EPSS 0.00363
Exploits 0 | References 1

Vulnrichment
added 2024/08/18 9:31 p.m. | 27 views

CVE-2024-43322 WordPress Zephyr Project Manager plugin <= 3.3.100 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager. This issue affects Zephyr Project Manager: from n/a through 3.3.100...

CVSS 5.4 | AI score 7 | EPSS 0.00367
Exploits 0 | References 1

Vulnrichment
added 2024/08/18 9:28 p.m. | 18 views

CVE-2024-43350 WordPress Propovoice CRM plugin <= 1.7.6.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Propovoice Propovoice CRM. This issue affects Propovoice CRM: from n/a through 1.7.6.4...

CVSS 5.3 | AI score 7 | EPSS 0.00339
Exploits 0 | References 1

Patchstack
added 2024/08/16 2:16 p.m. | 3 views

WordPress Propovoice CRM plugin <= 1.7.8 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by Manab Jyoti Dowarah (Patchstack Alliance) in WordPress Plugin Propovoice CRM versions <= 1.7.8...

CVSS 5.3 | AI score 7 | EPSS 0.00339
Exploits 0 | Affected Software 1

Patchstack
added 2024/08/16 12:29 p.m. | 5 views

WordPress Zephyr Project Manager plugin <=3.3.100 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by Trương Hữu Phúc (Patchstack Alliance) in WordPress Plugin Zephyr Project Manager versions <= 3.3.100...

CVSS 9.8 | AI score 7 | EPSS 0.00367
Exploits 0 | Affected Software 1

Patchstack
added 2024/08/16 11:0 a.m. | 3 views

WordPress wpForo Forum plugin <= 2.3.4 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin wpForo Forum versions <= 2.3.4...

CVSS 8.1 | AI score 7 | EPSS 0.0031
Exploits 0 | Affected Software 1

CNNVD
added 2024/08/16 12:0 a.m. | 4 views

WordPress plugin Custom Field For WP Job Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress plugin Cust...

CVSS 4.3 | AI score 6.5 | EPSS 0.00388
Exploits 0 | References 3

Patchstack
added 2024/08/16 12:0 a.m. | 15 views

WordPress wpForo Forum Plugin <= 2.3.4 is vulnerable to Insecure Direct Object References (IDOR)

Software: wpForo Forum; Type: Plugin; Vulnerable versions: <= 2.3.4; Fixed in: 2.3.5; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-43288; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 84baf52495a3; Credits: Ananda Dhakal...

CVSS 8.1 | AI score 6.5 | EPSS 0.0031
Exploits 0 | References 2 | Affected Software 1