943 matches found
WordPress Zephyr Project Manager Plugin <=3.3.100 is vulnerable to Insecure Direct Object References (IDOR)
Software: Zephyr Project Manager; Type: Plugin; Vulnerable versions: <= 3.3.100; Fixed in: 3.3.101; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-43322; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 9361097ccda0; Credits...
WordPress Stripe Payments For WooCommerce by Checkout Plugin <= 1.9.1 is vulnerable to Insecure Direct Object References (IDOR)
Software: Stripe Payments For WooCommerce by Checkout; Type: Plugin; Vulnerable versions: <= 1.9.1; Fixed in: 1.9.2; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-43315; Patch priority: Low; CVSS severity: Low 7.5; Developer: Claim ownership; PSID...
CVE-2024-39642 WordPress LearnPress plugin <= 4.2.6.8.2 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LearnPress: from n/a through 4.2.6.8.2...
WordPress WP Job Portal plugin <= 2.1.8 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by LuxFoz Patchstack Alliance in WordPress Plugin WP Job Portal versions <= 2.1.8...
WordPress Masteriyo - LMS Plugin <= 1.11.4 is vulnerable to Insecure Direct Object References (IDOR)
Software: Masteriyo - LMS; Type: Plugin; Vulnerable versions: <= 1.11.4; Fixed in: 1.11.5; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-43239; Patch priority: Low; CVSS severity: Low 4.3; Developer: Masteriyo; PSID: 14f36e53d575; Credits: Ananda Dhakal...
WordPress WP Job Portal Plugin <= 2.1.8 is vulnerable to Insecure Direct Object References (IDOR)
Software: WP Job Portal; Type: Plugin; Vulnerable versions: <= 2.1.8; Fixed in: 2.1.9; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-43266; Patch priority: Low; CVSS severity: Low 5.4; Developer: Ahmad; PSID: b4bbb00ba10f; Credits: LuxF0z; Required privileg...
WordPress LearnPress plugin <= 4.2.6.8.2 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin LearnPress versions <= 4.2.6.8.2...
WordPress LearnPress Plugin <= 4.2.6.8.2 is vulnerable to Insecure Direct Object References (IDOR)
Software: LearnPress; Type: Plugin; Vulnerable versions: <= 4.2.6.8.2; Fixed in: 4.2.6.9; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-39642; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 051731ae418f; Credits: Rafie...
WordPress GiveWP Plugin <= 3.13.0 is vulnerable to Insecure Direct Object References (IDOR)
Software: GiveWP; Type: Plugin; Vulnerable versions: <= 3.13.0; Fixed in: 3.14.0; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-5977; Patch priority: Low; CVSS severity: Low 5.4; Developer: Liquid Web / StellarWP; PSID: 3e3c50f20b4c; Credits: Thanh Nam Tra...
WordPress ProfileGrid Plugin <= 5.8.9 is vulnerable to Insecure Direct Object References (IDOR)
Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.8.9; Fixed in: 5.9.0; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-6410; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 7aa3e6febe27; Credits: Tieu Pham Trong...
CVE-2024-31898 IBM InfoSphere Information Server data modification
IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: 288182...
PT-2024-4817 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue is related to an error in handling user-controlled authorization keys, which could allow a remote attacker to disclose protected information or modify arbitrary data. It is...
WordPress Paid Memberships Pro Plugin <= 3.0.4 is vulnerable to Insecure Direct Object References (IDOR)
Software: Paid Memberships Pro; Type: Plugin; Vulnerable versions: <= 3.0.4; Fixed in: 3.0.5; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-37277; Patch priority: High; CVSS severity: High 7.5; Developer: Claim ownership; PSID: dc85580f8dca; Credits: Rafie...
WordPress Bricks Builder (Premium) Plugin <= 1.9.8 is vulnerable to Insecure Direct Object References (IDOR)
Software: Bricks Builder Premium; Type: Plugin; Vulnerable versions: <= 1.9.8; Fixed in: 1.9.9; OWASP Top 10: A5: Security Misconfiguration; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-4874; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 25f017e35793; Credits...
CVE-2024-35659 WordPress KiviCare plugin <= 3.6.6 - Insecure Direct Object References (IDOR) vulnerability
Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects KiviCare: from n/a through <= 3.6.6...
WordPress Tutor LMS Plugin <= 2.7.1 is vulnerable to Insecure Direct Object References (IDOR)
Software: Tutor LMS; Type: Plugin; Vulnerable versions: <= 2.7.1; Fixed in: 2.7.2; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-5438; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 04944e6bcf56; Credits: Thanh Nam Tran...
WordPress plugin Tutor LMS security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
kanboard -- Project Takeover via IDOR in ProjectPermissionController
[email protected] reports: Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser. The user's permission to add users to a project only gets checked on the URL parameter projectid. I...
WordPress Essential Real Estate Plugin <= 4.4.4 is vulnerable to Insecure Direct Object References (IDOR)
Software: Essential Real Estate; Type: Plugin; Vulnerable versions: <= 4.4.4; Fixed in: 4.4.5; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-4274; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: ccac1e739e5c; Credits: Lucio S...
WordPress Buddyboss Platform Plugin < 2.6.0 is vulnerable to Insecure Direct Object References (IDOR)
Software: Buddyboss Platform; Type: Plugin; Vulnerable versions: < 2.6.0; Fixed in: 2.6.0; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-4750; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: edae12ac139d; Credits: Faris Krivi...