943 matches found
CVE-2023-3105
The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...
Authorization
The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...
CVE-2023-3105
The CVE-2023-3105 entry concerns LearnDash LMS for WordPress, affected through 4.6.0 by an Insecure Direct Object References flaw that lets an attacker with an existing account change arbitrary user passwords and potentially take over administrator accounts. The issue arises from user-controlled ...
CVE-2023-3105
The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...
CVE-2023-3105 LearnDash LMS <= 4.6.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change
The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...
WordPress WPFunnels Plugin <= 2.7.15 is vulnerable to Insecure Direct Object References (IDOR)
Software WPFunnels Type Plugin Vulnerable versions = 2.7.15 Fixed in 2.7.16 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE N/A Patch priority Low CVSS severity Low 5.4 Developer WPFunnels Team PSID fefed9db57ed Credits Unknown Required privilege...
WordPress WooCommerce GoCardless Gateway Plugin <= 2.5.6 is vulnerable to Insecure Direct Object References (IDOR)
Software WooCommerce GoCardless Gateway Type Plugin Vulnerable versions = 2.5.6 Fixed in 2.5.7 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-37871 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID 5a7891bcb8a5 Credi...
WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Insecure Direct Object References (IDOR)
Software BadgeOS Type Plugin Vulnerable versions = 3.7.1.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-2172 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 56d76680559e Credits Alex Thomas Required...
WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Insecure Direct Object References (IDOR)
Software BadgeOS Type Plugin Vulnerable versions = 3.7.1.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-2173 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 413cb9a5b860 Credits Alex Thomas Required...
CVE-2023-3063
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...
CVE-2023-3063
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...
Authorization
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...
CVE-2023-3063 SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...
CVE-2023-3063
CVE-2023-3063 affects SP Project & Document Manager (WordPress) up to version 4.67. Root cause: Insecure Direct Object References (IDOR) allowing authenticated users with subscriber privileges (or higher) to access objects and bypass authorization, enabling password changes and potential administ...
CVE-2023-3063 SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...
PT-2023-22827 · WordPress · Sp Project & Document Manager
Name of the Vulnerable Software and Affected Versions: SP Project & Document Manager plugin for WordPress versions up to, and including, 4.67 Description: The issue is related to Insecure Direct Object References, which allows user-controlled access to objects. This enables authenticated attacker...
WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to Insecure Direct Object References (IDOR)
Software SP Project & Document Manager Type Plugin Vulnerable versions = 4.67 Fixed in 4.68 OWASP Top 10 A1: Injection Classification Insecure Direct Object References IDOR CVE CVE-2023-3063 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 479dd26d18cf Credits István Márt...
WordPress Editorial Calendar Plugin <= 3.7.12 is vulnerable to Insecure Direct Object References (IDOR)
Software Editorial Calendar Type Plugin Vulnerable versions = 3.7.12 Fixed in 3.8.0 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-36520 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5cbcd0860491 Credits Elliot...
LearnDash LMS < 4.6.0.1 - User Account Takeover via Insecure Direct Object References
The plugin does not correctly manage access to system resources, resulting in Insecure Direct Object References. As a result, users can bypass authorization checks, leading to unauthorized changes to user passwords, potentially compromising administrator accounts...
VulnCheck KEV: CVE-2023-3105
The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...