943 matches found

NVD
added 2023/07/12 5:15 a.m. · 40 views

CVE-2023-3105

The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

CVSS 8.8 · AI score 8.6 · EPSS 0.02233
Exploits: 2 · References: 2

Prion
added 2023/07/12 5:15 a.m. · 36 views

Authorization

The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

CVSS 6.5 · AI score 8.5 · EPSS 0.02233
Exploits: 2 · References: 2 · Affected Software: 1

CVE
added 2023/07/12 4:38 a.m. · 67 views

CVE-2023-3105

The CVE-2023-3105 entry concerns LearnDash LMS for WordPress, affected through 4.6.0 by an Insecure Direct Object References flaw that lets an attacker with an existing account change arbitrary user passwords and potentially take over administrator accounts. The issue arises from user-controlled ...

CVSS 8.8 · AI score 8.4 · EPSS 0.02233
Exploits: 2 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/07/12 4:38 a.m. · 14 views

CVE-2023-3105

The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

CVSS 8.8 · AI score 6.7 · EPSS 0.02233
Exploits: 2 · References: 2

Cvelist
added 2023/07/12 4:38 a.m. · 45 views

CVE-2023-3105 LearnDash LMS <= 4.6.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change

The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

CVSS 8.8 · AI score 8.7 · EPSS 0.02233
Exploits: 2 · References: 2

Patchstack
added 2023/07/11 12:0 a.m. · 6 views

WordPress WPFunnels Plugin <= 2.7.15 is vulnerable to Insecure Direct Object References (IDOR)

Software: WPFunnels; Type: Plugin; Vulnerable versions: <= 2.7.15; Fixed in: 2.7.16; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: N/A; Patch priority: Low; CVSS severity: Low 5.4; Developer: WPFunnels Team; PSID: fefed9db57ed; Credits: Unknown; Required privilege...

AI score 6.8
Exploits: 0 · References: 2 · Affected Software: 1

Patchstack
added 2023/07/10 12:0 a.m. · 15 views

WordPress WooCommerce GoCardless Gateway Plugin <= 2.5.6 is vulnerable to Insecure Direct Object References (IDOR)

Software: WooCommerce GoCardless Gateway; Type: Plugin; Vulnerable versions: <= 2.5.6; Fixed in: 2.5.7; OWASP Top 10: A5: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-37871; Patch priority: Low; CVSS severity: Low 8.2; Developer: Claim ownership; PSID: 5a7891bcb8a5; Credi...

CVSS 8.2 · AI score 6.5 · EPSS 0.00541
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2023/07/06 12:0 a.m. · 14 views

WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Insecure Direct Object References (IDOR)

Software: BadgeOS; Type: Plugin; Vulnerable versions: <= 3.7.1.6; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-2172; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 56d76680559e; Credits: Alex Thomas; Required...

CVSS 4.3 · AI score 6.5 · EPSS 0.00419
Exploits: 0 · References: 2 · Affected Software: 1

Patchstack
added 2023/07/06 12:0 a.m. · 12 views

WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Insecure Direct Object References (IDOR)

Software: BadgeOS; Type: Plugin; Vulnerable versions: <= 3.7.1.6; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-2173; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 413cb9a5b860; Credits: Alex Thomas; Required...

CVSS 6.5 · AI score 6.5 · EPSS 0.00419
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2023/06/30 2:15 a.m. · 22 views

CVE-2023-3063

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...

CVSS 8.8 · AI score 8.5 · EPSS 0.00729
Exploits: 0 · References: 2

OSV
added 2023/06/30 2:15 a.m. · 4 views

CVE-2023-3063

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...

CVSS 8.8 · AI score 7.3 · EPSS 0.00729
Exploits: 0 · References: 2

Prion
added 2023/06/30 2:15 a.m. · 16 views

Authorization

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...

CVSS 6.5 · AI score 8.4 · EPSS 0.00729
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2023/06/30 1:56 a.m. · 27 views

CVE-2023-3063 SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...

CVSS 8.8 · AI score 8.6 · EPSS 0.00729
Exploits: 0 · References: 2

CVE
added 2023/06/30 1:56 a.m. · 54 views

CVE-2023-3063

CVE-2023-3063 affects SP Project & Document Manager (WordPress) up to version 4.67. Root cause: Insecure Direct Object References (IDOR) allowing authenticated users with subscriber privileges (or higher) to access objects and bypass authorization, enabling password changes and potential administ...

CVSS 8.8 · AI score 8.7 · EPSS 0.00729
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/06/30 1:56 a.m. · 11 views

CVE-2023-3063 SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...

CVSS 8.8 · AI score 7.2 · EPSS 0.00729
Exploits: 0 · References: 2

Positive Technologies
added 2023/06/30 12:0 a.m. · 6 views

PT-2023-22827 · WordPress · Sp Project & Document Manager

Name of the Vulnerable Software and Affected Versions: SP Project & Document Manager plugin for WordPress versions up to, and including, 4.67
Description: The issue is related to Insecure Direct Object References, which allows user-controlled access to objects. This enables authenticated attacker...

CVSS 8.8 · AI score 9 · EPSS 0.00729
Exploits: 0 · References: 6

Patchstack
added 2023/06/30 12:0 a.m. · 12 views

WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to Insecure Direct Object References (IDOR)

Software: SP Project & Document Manager; Type: Plugin; Vulnerable versions: <= 4.67; Fixed in: 4.68; OWASP Top 10: A1: Injection; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-3063; Patch priority: High; CVSS severity: High 8.8; Developer: Claim ownership; PSID: 479dd26d18cf; Credits: István Márt...

CVSS 8.8 · AI score 6.7 · EPSS 0.00729
Exploits: 0 · References: 2 · Affected Software: 1

Patchstack
added 2023/06/27 12:0 a.m. · 13 views

WordPress Editorial Calendar Plugin <= 3.7.12 is vulnerable to Insecure Direct Object References (IDOR)

Software: Editorial Calendar; Type: Plugin; Vulnerable versions: <= 3.7.12; Fixed in: 3.8.0; OWASP Top 10: A5: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-36520; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 5cbcd0860491; Credits: Elliot...

CVSS 8.1 · AI score 6.5 · EPSS 0.00364
Exploits: 0 · References: 2 · Affected Software: 1

WPVulnDB
added 2023/06/27 12:0 a.m. · 73 views

LearnDash LMS < 4.6.0.1 - User Account Takeover via Insecure Direct Object References

The plugin does not correctly manage access to system resources, resulting in Insecure Direct Object References. As a result, users can bypass authorization checks, leading to unauthorized changes to user passwords, potentially compromising administrator accounts...

CVSS 8.8 · AI score 8.8 · EPSS 0.02233
Exploits: 2 · References: 1 · Affected Software: 1

VulnCheck KEV
added 2023/06/27 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2023-3105

The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

CVSS 8.8 · AI score 7.4 · EPSS 0.02233
Exploits: 2 · References: 1