943 matches found
CVE-2023-23679 WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.7 is vulnerable to Insecure Direct Object References (IDOR)
Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk: from n/a through 2.7.7...
CVE-2023-23679 WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.7 is vulnerable to Insecure Direct Object References (IDOR)
Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk: from n/a through 2.7.7...
WordPress WooCommerce Stripe Payment Gateway Plugin < 7.4.1 IDOR Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:woocommerce:stripepaymentgateway"; if description...
WordPress WooCommerce Payments Plugin <= 5.9.0 is vulnerable to Insecure Direct Object References (IDOR)
Software WooCommerce Payments Type Plugin Vulnerable versions = 5.9.0 Fixed in 5.9.1 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-35916 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID e4c9d390a631 Credits Rafie...
WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.7 is vulnerable to Insecure Direct Object References (IDOR)
Software JS Help Desk – Best Help Desk & Support Plugin Type Plugin Vulnerable versions = 2.7.7 Fixed in 2.7.8 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-23679 Patch priority Low CVSS severity Low 4.6 Developer Claim ownership PSID...
Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin
A security flaw has been uncovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information. The flaw, tracked as CVE-2023-34000 , impacts versions 7.4.0 and below. It was addressed by the plugin maintainers in version 7.4.1, which...
CVE-2023-34000 WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.4.0 is vulnerable to Insecure Direct Object References (IDOR)
Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin = 7.4.0 versions...
Design/Logic Flaw
DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references IDOR. This could result in a user deleting another user's dashboard or messages or interfering with the...
CVE-2023-32310 DataEase API interface has IDOR vulnerability
DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references IDOR. This could result in a user deleting another user's dashboard or messages or interfering with the...
PT-2023-23720 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.7 Description: The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references IDOR. This could result in a user deleting another user's dashboard o...
Insecure Direct Object References (IDOR)
manager-workflow is vulnerable to Insecure Direct Object References IDOR. The vulnerability exists due to improper authentication mechanism used in ProcessServiceImpl.java when operating a workflow, which allows an attacker to access files or directories and cancel an application that doesn't...
Insecure Direct Object References (IDOR)
org.apache.inlong is vulnerable to Insecure Direct Object References IDOR. The vulnerability exists due to a lack of permission verification for stream sources, which allows an attacker to access files or directories of external users and delete, edit, stop, and start others' sources...
CVE-2023-31064 Apache InLong: Insecurity direct object references cancelling applications
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cancel an application that doesn't belongs to it. Users are advised to upgrade to Apache InLong's 1.7....
CVE-2023-31064 Apache InLong: Insecurity direct object references cancelling applications
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cancel an application that doesn't belongs to it. Users are advised to upgrade to Apache InLong's 1.7....
CVE-2023-31066 Apache InLong: Insecure direct object references for inlong sources
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advised to upgrade to Apache InLong's...
CVE-2023-31066 Apache InLong: Insecure direct object references for inlong sources
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advised to upgrade to Apache InLong's...
CVE-2023-2276
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...
Authorization
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...
CVE-2023-2276 WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password Change
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...
CVE-2023-2276
The CVE-2023-2276 entry concerns the WCFM Membership – WooCommerce Memberships for Multivendor Marketplace WordPress plugin. Affected versions ≤ 2.10.7 are vulnerable to Insecure Direct Object References (IDOR), allowing unauthenticated attackers to access object resources and bypass authorizatio...