
943 matches found

Cvelist
added 2023/06/23 2:21 p.m. | 22 views

CVE-2023-23679 WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.7 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JS Help Desk: from n/a through 2.7.7...

4.6 CVSS | 8.9 AI score | 0.00472 EPSS
Exploits 0 | References 1
Vulnrichment
added 2023/06/23 2:21 p.m. | 12 views

CVE-2023-23679 WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.7 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JS Help Desk: from n/a through 2.7.7...

4.6 CVSS | 6.9 AI score | 0.00472 EPSS
Exploits 0 | References 1
OpenVAS
added 2023/06/21 12:0 a.m. | 14 views

WordPress WooCommerce Stripe Payment Gateway Plugin < 7.4.1 IDOR Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:woocommerce:stripepaymentgateway"; if description...

7.5 CVSS | 7.1 AI score | 0.01214 EPSS
Exploits 2 | References 2
Patchstack
added 2023/06/20 12:0 a.m. | 12 views

WordPress WooCommerce Payments Plugin <= 5.9.0 is vulnerable to Insecure Direct Object References (IDOR)

Software WooCommerce Payments Type Plugin Vulnerable versions = 5.9.0 Fixed in 5.9.1 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-35916 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID e4c9d390a631 Credits Rafie...

7.5 CVSS | 6.5 AI score | 0.00565 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2023/06/20 12:0 a.m. | 8 views

WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.7 is vulnerable to Insecure Direct Object References (IDOR)

Software JS Help Desk – Best Help Desk & Support Plugin Type Plugin Vulnerable versions = 2.7.7 Fixed in 2.7.8 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-23679 Patch priority Low CVSS severity Low 4.6 Developer Claim ownership PSID...

8.8 CVSS | 6.4 AI score | 0.00472 EPSS
Exploits 0 | References 2 | Affected Software 1
The Hacker News
added 2023/06/14 8:33 a.m. | 7 views

Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin

A security flaw has been uncovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information. The flaw, tracked as CVE-2023-34000 , impacts versions 7.4.0 and below. It was addressed by the plugin maintainers in version 7.4.1, which...

7.5 CVSS | 6 AI score | 0.01214 EPSS
Exploits 2
Cvelist
added 2023/06/14 7:30 a.m. | 25 views

CVE-2023-34000 WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.4.0 is vulnerable to Insecure Direct Object References (IDOR)

Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin = 7.4.0 versions...

7.5 CVSS | 7.7 AI score | 0.01214 EPSS
Exploits 2 | References 2
Prion
added 2023/06/01 4:15 p.m. | 26 views

Design/Logic Flaw

DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references IDOR. This could result in a user deleting another user's dashboard or messages or interfering with the...

5.5 CVSS | 7.9 AI score | 0.01014 EPSS
Exploits 1 | References 4 | Affected Software 1
OSV
added 2023/06/01 3:5 p.m. | 36 views

CVE-2023-32310 DataEase API interface has IDOR vulnerability

DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references IDOR. This could result in a user deleting another user's dashboard or messages or interfering with the...

8.1 CVSS | 7.7 AI score | 0.01014 EPSS
Exploits 1 | References 6
Positive Technologies
added 2023/06/01 12:0 a.m. | 4 views

PT-2023-23720 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.7 Description: The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references IDOR. This could result in a user deleting another user's dashboard o...

8.1 CVSS | 7.7 AI score | 0.01014 EPSS
Exploits 1 | References 11
Veracode
added 2023/05/26 4:43 a.m. | 27 views

Insecure Direct Object References (IDOR)

manager-workflow is vulnerable to Insecure Direct Object References IDOR. The vulnerability exists due to improper authentication mechanism used in ProcessServiceImpl.java when operating a workflow, which allows an attacker to access files or directories and cancel an application that doesn't...

7.5 CVSS | 6.9 AI score | 0.01247 EPSS
Exploits 0 | References 3 | Affected Software 1
Veracode
added 2023/05/26 2:15 a.m. | 26 views

Insecure Direct Object References (IDOR)

org.apache.inlong is vulnerable to Insecure Direct Object References IDOR. The vulnerability exists due to a lack of permission verification for stream sources, which allows an attacker to access files or directories of external users and delete, edit, stop, and start others' sources...

9.1 CVSS | 6.6 AI score | 0.01355 EPSS
Exploits 0 | References 3 | Affected Software 2
Vulnrichment
added 2023/05/22 3:44 p.m. | 12 views

CVE-2023-31064 Apache InLong: Insecurity direct object references cancelling applications

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The user in InLong could cancel an application that doesn't belong to it. Users are advised to upgrade to Apache InLong's 1.7....

7.5 AI score | 0.01247 EPSS
Exploits 0 | References 1
Cvelist
added 2023/05/22 3:44 p.m. | 36 views

CVE-2023-31064 Apache InLong: Insecurity direct object references cancelling applications

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The user in InLong could cancel an application that doesn't belong to it. Users are advised to upgrade to Apache InLong's 1.7....

7.7 AI score | 0.01247 EPSS
Exploits 0 | References 1
Vulnrichment
added 2023/05/22 3:35 p.m. | 15 views

CVE-2023-31066 Apache InLong: Insecure direct object references for inlong sources

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advised to upgrade to Apache InLong's...

6.8 AI score | 0.01355 EPSS
Exploits 0 | References 1
Cvelist
added 2023/05/22 3:35 p.m. | 12 views

CVE-2023-31066 Apache InLong: Insecure direct object references for inlong sources

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advised to upgrade to Apache InLong's...

9.4 AI score | 0.01355 EPSS
Exploits 0 | References 1
OSV
added 2023/05/20 4:15 a.m. | 5 views

CVE-2023-2276

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...

9.8 CVSS | 5.8 AI score | 0.01093 EPSS
Exploits 0 | References 4
Prion
added 2023/05/20 4:15 a.m. | 10 views

Authorization

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...

7.5 CVSS | 9.3 AI score | 0.01093 EPSS
Exploits 0 | References 4 | Affected Software 1
Vulnrichment
added 2023/05/20 3:35 a.m. | 8 views

CVE-2023-2276 WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password Change

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...

9.8 CVSS | 7.2 AI score | 0.01093 EPSS
Exploits 0 | References 4
CVE
added 2023/05/20 3:35 a.m. | 65 views

CVE-2023-2276

The CVE-2023-2276 entry concerns the WCFM Membership – WooCommerce Memberships for Multivendor Marketplace WordPress plugin. Affected versions ≤ 2.10.7 are vulnerable to Insecure Direct Object References (IDOR), allowing unauthenticated attackers to access object resources and bypass authorizatio...

9.8 CVSS | 9.3 AI score | 0.01093 EPSS
Exploits 0 | References 4 | Affected Software 1