943 matches found
CVE-2023-36520 WordPress Editorial Calendar Plugin <= 3.7.12 is vulnerable to Insecure Direct Object References (IDOR)
Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar.This issue affects Editorial Calendar: from n/a through 3.7.12...
CVE-2023-38513 WordPress Photo Engine Plugin <= 6.2.5 is vulnerable to Insecure Direct Object References (IDOR)
Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine Media Organizer & Lightroom.This issue affects Photo Engine Media Organizer & Lightroom: from n/a through 6.2.5...
CVE-2023-41796 WordPress Sunshine Photo Cart Plugin < 3.0.0 is vulnerable to Insecure Direct Object References (IDOR)
Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers.This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0...
CVE-2023-46311 WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR)
Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3...
CVE-2023-6929
EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the...
Authorization
EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the...
CVE-2023-6929 Authorization Bypass Through User-Controlled Key in EuroTel ETL3100
EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the...
CVE-2023-6929
EuroTel ETL3100, affected versions v01c01 and v01x37, suffer from insecure direct object references (IDOR) that allow bypassing authorization by using user-supplied input to access objects. The root cause is improper access control via direct object access, enabling attackers to reach hidden reso...
CVE-2022-43450 WordPress Stream Plugin <= 3.9.2 is vulnerable to Insecure Direct Object References (IDOR)
Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.This issue affects Stream: from n/a through 3.9.2...
CVE-2023-49812 WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Insecure Direct Object References (IDOR)
Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005...
CVE-2023-49812 WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Insecure Direct Object References (IDOR)
Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005...
CVE-2023-5236
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service...
Design/Logic Flaw
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service...
CVE-2023-5236
Summary (based on provided sources): CVE-2023-5236 affects Infinispan and is caused by failing to detect circular object references during unmarshalling, enabling a remote-authenticated attacker to insert a crafted object into the cache to trigger out-of-memory conditions and a denial of service....
WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Insecure Direct Object References (IDOR)
Software WP Photo Album Plus Type Plugin Vulnerable versions = 8.5.02.005 Fixed in 8.6.01.003 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-49812 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 10e03ebd1bf6 Credit...
WordPress Rate my Post – WP Rating System Plugin <= 3.4.1 is vulnerable to Insecure Direct Object References (IDOR)
Software Rate my Post – WP Rating System Type Plugin Vulnerable versions = 3.4.1 Fixed in 3.4.2 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-49765 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b8f48f9c338b...
WordPress Plugin Shortcodes Ultimate Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Shortcodes Ultimate Plugin <= 5.13.3 is vulnerable to Insecure Direct Object References (IDOR)
Software Shortcodes Ultimate Type Plugin Vulnerable versions = 5.13.3 Fixed in 7.0.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-6226 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7b259d4a9888 Credits Francesc...
CVE-2023-43900
Insecure Direct Object References IDOR in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...
CVE-2023-43900
Insecure Direct Object References IDOR in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...