
943 matches found

Patchstack
added 2024/08/16 12:0 a.m. · 14 views

WordPress Zephyr Project Manager Plugin <=3.3.100 is vulnerable to Insecure Direct Object References (IDOR)

Software: Zephyr Project Manager; Type: Plugin; Vulnerable versions: <=3.3.100; Fixed in: 3.3.101; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-43322; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 9361097ccda0; Credits...

CVSS 9.8 · AI score 6.5 · EPSS 0.00367
Exploits: 0 · References: 2 · Affected Software: 1

Patchstack
added 2024/08/16 12:0 a.m. · 14 views

WordPress Stripe Payments For WooCommerce by Checkout Plugin <= 1.9.1 is vulnerable to Insecure Direct Object References (IDOR)

Software: Stripe Payments For WooCommerce by Checkout; Type: Plugin; Vulnerable versions: <= 1.9.1; Fixed in: 1.9.2; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-43315; Patch priority: Low; CVSS severity: Low 7.5; Developer: Claim ownership; PSID...

CVSS 7.5 · AI score 6.8 · EPSS 0.00431
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2024/08/13 10:47 a.m. · 17 views

CVE-2024-39642 WordPress LearnPress plugin <= 4.2.6.8.2 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LearnPress: from n/a through 4.2.6.8.2...

CVSS 6.5 · EPSS 0.00393
Exploits: 0 · References: 1

Patchstack
added 2024/08/12 2:8 p.m. · 2 views

WordPress WP Job Portal plugin <= 2.1.8 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by LuxFoz (Patchstack Alliance) in WordPress Plugin WP Job Portal versions <= 2.1.8...

CVSS 8.8 · AI score 7 · EPSS 0.00363
Exploits: 0 · Affected Software: 1

Patchstack
added 2024/08/12 12:0 a.m. · 11 views

WordPress Masteriyo - LMS Plugin <= 1.11.4 is vulnerable to Insecure Direct Object References (IDOR)

Software: Masteriyo - LMS; Type: Plugin; Vulnerable versions: <= 1.11.4; Fixed in: 1.11.5; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-43239; Patch priority: Low; CVSS severity: Low 4.3; Developer: Masteriyo; PSID: 14f36e53d575; Credits: Ananda Dhakal...

CVSS 8.1 · AI score 6.5 · EPSS 0.00292
Exploits: 0 · References: 2 · Affected Software: 1

Patchstack
added 2024/08/12 12:0 a.m. · 9 views

WordPress WP Job Portal Plugin <= 2.1.8 is vulnerable to Insecure Direct Object References (IDOR)

Software: WP Job Portal; Type: Plugin; Vulnerable versions: <= 2.1.8; Fixed in: 2.1.9; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-43266; Patch priority: Low; CVSS severity: Low 5.4; Developer: Ahmad; PSID: b4bbb00ba10f; Credits: LuxF0z; Required privileg...

CVSS 8.8 · AI score 6.5 · EPSS 0.00363
Exploits: 0 · References: 2 · Affected Software: 1

Patchstack
added 2024/08/01 1:56 p.m. · 6 views

WordPress LearnPress plugin <= 4.2.6.8.2 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin LearnPress versions <= 4.2.6.8.2...

CVSS 6.5 · AI score 7 · EPSS 0.00393
Exploits: 0 · Affected Software: 1

Patchstack
added 2024/08/01 12:0 a.m. · 11 views

WordPress LearnPress Plugin <= 4.2.6.8.2 is vulnerable to Insecure Direct Object References (IDOR)

Software: LearnPress; Type: Plugin; Vulnerable versions: <= 4.2.6.8.2; Fixed in: 4.2.6.9; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-39642; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 051731ae418f; Credits: Rafie...

CVSS 6.5 · AI score 6.5 · EPSS 0.00393
Exploits: 0 · References: 2 · Affected Software: 1

Patchstack
added 2024/07/19 12:0 a.m. · 12 views

WordPress GiveWP Plugin <= 3.13.0 is vulnerable to Insecure Direct Object References (IDOR)

Software: GiveWP; Type: Plugin; Vulnerable versions: <= 3.13.0; Fixed in: 3.14.0; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-5977; Patch priority: Low; CVSS severity: Low 5.4; Developer: Liquid Web / StellarWP; PSID: 3e3c50f20b4c; Credits: Thanh Nam Tra...

CVSS 5.4 · AI score 6.5 · EPSS 0.00428
Exploits: 0 · References: 3 · Affected Software: 1

Patchstack
added 2024/07/10 12:0 a.m. · 11 views

WordPress ProfileGrid Plugin <= 5.8.9 is vulnerable to Insecure Direct Object References (IDOR)

Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.8.9; Fixed in: 5.9.0; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-6410; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 7aa3e6febe27; Credits: Tieu Pham Trong...

CVSS 4.3 · AI score 6.5 · EPSS 0.00353
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2024/06/30 6:1 p.m. · 20 views

CVE-2024-31898 IBM InfoSphere Information Server data modification

IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: 288182...

CVSS 5.4 · EPSS 0.00271
Exploits: 0 · References: 2

Positive Technologies
added 2024/06/30 12:0 a.m. · 6 views

PT-2024-4817 · Ibm · Ibm Infosphere Information Server

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue is related to an error in handling user-controlled authorization keys, which could allow a remote attacker to disclose protected information or modify arbitrary data. It is...

CVSS 5.5 · AI score 6.7 · EPSS 0.00271
Exploits: 0 · References: 5

Patchstack
added 2024/06/28 12:0 a.m. · 13 views

WordPress Paid Memberships Pro Plugin <= 3.0.4 is vulnerable to Insecure Direct Object References (IDOR)

Software: Paid Memberships Pro; Type: Plugin; Vulnerable versions: <= 3.0.4; Fixed in: 3.0.5; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-37277; Patch priority: High; CVSS severity: High 7.5; Developer: Claim ownership; PSID: dc85580f8dca; Credits: Rafie...

CVSS 9.8 · AI score 7.4 · EPSS 0.00661
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/06/24 12:0 a.m. · 13 views

WordPress Bricks Builder (Premium) Plugin <= 1.9.8 is vulnerable to Insecure Direct Object References (IDOR)

Software: Bricks Builder Premium; Type: Plugin; Vulnerable versions: <= 1.9.8; Fixed in: 1.9.9; OWASP Top 10: A5: Security Misconfiguration; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-4874; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 25f017e35793; Credits...

CVSS 4.3 · AI score 6.8 · EPSS 0.00314
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2024/06/08 4:9 p.m. · 28 views

CVE-2024-35659 WordPress KiviCare plugin <= 3.6.6 - Insecure Direct Object References (IDOR) vulnerability

Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects KiviCare: from n/a through <= 3.6.6...

CVSS 5.3 · EPSS 0.00336
Exploits: 0 · References: 1

Patchstack
added 2024/06/07 12:0 a.m. · 18 views

WordPress Tutor LMS Plugin <= 2.7.1 is vulnerable to Insecure Direct Object References (IDOR)

Software: Tutor LMS; Type: Plugin; Vulnerable versions: <= 2.7.1; Fixed in: 2.7.2; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-5438; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 04944e6bcf56; Credits: Thanh Nam Tran...

CVSS 4.3 · AI score 6.5 · EPSS 0.00343
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2024/06/07 12:0 a.m. · 5 views

WordPress plugin Tutor LMS security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 · AI score 6.8 · EPSS 0.00343
Exploits: 0 · References: 4

FreeBSD
added 2024/06/06 12:0 a.m. · 23 views

kanboard -- Project Takeover via IDOR in ProjectPermissionController

[email protected] reports: Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser. The user's permission to add users to a project only gets checked on the URL parameter projectid. I...

CVSS 8.2 · AI score 8 · EPSS 0.00353
Exploits: 1 · References: 1

Patchstack
added 2024/06/04 12:0 a.m. · 21 views

WordPress Essential Real Estate Plugin <= 4.4.4 is vulnerable to Insecure Direct Object References (IDOR)

Software: Essential Real Estate; Type: Plugin; Vulnerable versions: <= 4.4.4; Fixed in: 4.4.5; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-4274; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: ccac1e739e5c; Credits: Lucio S...

CVSS 4.3 · AI score 6.5 · EPSS 0.00462
Exploits: 0 · References: 3 · Affected Software: 1

Patchstack
added 2024/06/04 12:0 a.m. · 11 views

WordPress Buddyboss Platform Plugin < 2.6.0 is vulnerable to Insecure Direct Object References (IDOR)

Software: Buddyboss Platform; Type: Plugin; Vulnerable versions: < 2.6.0; Fixed in: 2.6.0; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-4750; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: edae12ac139d; Credits: Faris Krivi...

AI score 6.5 · EPSS 0.0043
Exploits: 2 · References: 2 · Affected Software: 1