943 matches found
CVE-2023-2276 WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password Change
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...
CVE-2023-2548
The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible f...
Authorization
The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible f...
CVE-2023-2548 RegistrationMagic <= 5.2.0.5 - Authenticated (Admin+) Insecure Direct Object Reference to Arbitrary User Password Change
The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible f...
CVE-2023-2548
CVE-2023-2548 affects the WordPress plugin RegistrationMagic (versions up to 5.2.0.5). The root cause is Insecure Direct Object References, where the plugin exposes user-controlled objects, allowing an authenticated admin+ to bypass authorization and access system resources. Impact: an attacker w...
CVE-2023-2548 RegistrationMagic <= 5.2.0.5 - Authenticated (Admin+) Insecure Direct Object Reference to Arbitrary User Password Change
The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible f...
WordPress plugin RegistrationMagic 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress WooCommerce Bookings Plugin <= 1.15.78 is vulnerable to Insecure Direct Object References (IDOR)
Software WooCommerce Bookings Type Plugin Vulnerable versions = 1.15.78 Fixed in 1.15.79 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-32747 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 81006e449dea Credits Raf...
WordPress WooCommerce Ship to Multiple Addresses Plugin <= 3.8.3 is vulnerable to Insecure Direct Object References (IDOR)
Software WooCommerce Ship to Multiple Addresses Type Plugin Vulnerable versions = 3.8.3 Fixed in 3.8.4 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-32799 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c036222840...
PT-2023-7925 · Eurotel · Eurotel Etl3100
Name of the Vulnerable Software and Affected Versions: EuroTel ETL3100 versions v01c01 and v01x37 Description: The issue is related to insecure direct object references, which occur when the application provides direct access to objects based on user-supplied input. This allows attackers to bypas...
WordPress Stream Plugin <= 3.9.2 is vulnerable to Insecure Direct Object References (IDOR)
Software Stream Type Plugin Vulnerable versions = 3.9.2 Fixed in 3.9.3 OWASP Top 10 A1: Injection Classification Insecure Direct Object References IDOR CVE CVE-2022-43450 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 760a85c05111 Credits Lucio Sá Required privilege...
WordPress Ruby Help Desk Plugin < 1.3.4 is vulnerable to Insecure Direct Object References (IDOR)
Software Ruby Help Desk Type Plugin Vulnerable versions 1.3.4 Fixed in 1.3.4 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-1125 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4bb70b90c759 Credits Ameen Alkurdy...
WordPress WP FEvents Book Plugin <= 0.46 is vulnerable to Insecure Direct Object References (IDOR)
Software WP FEvents Book Type Plugin Vulnerable versions = 0.46 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-1129 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID bdca07c43d3d Credits Ameen Alkurdy...
WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR
The plugin does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users. PoC 1. Book or cancel booking an event using an authenticated user. 2. Intercept the request using an HTTP...
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Authorization Bypass Vulnerability
Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Authorization Bypass IDOR Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Versio...
Improper Authorization
nilsteampassnet/teampass is vulnerable to Improper Authorization. The vulnerability allows an attacker with low-level privileges to logout everyone out including the admin due to an Insecure Direct Object References IDOR via the user ID...
WordPress WooCommerce Multiple Customer Addresses & Shipping Plugin < 21.7 is vulnerable to Insecure Direct Object References (IDOR)
Software WooCommerce Multiple Customer Addresses & Shipping Type Plugin Vulnerable versions 21.7 Fixed in 21.7 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-0865 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID...
The vulnerability of the ColdFusion software platform arises from an incorrect limitation on the path to the restricted access directory. This allows attackers to execute arbitrary code.
The vulnerability of the ColdFusion software platform is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose sensitive information...
Atlassian Jira 8.6.0 < 8.9.2 Disclosure Of Private Project Titles
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is 7.0.6 prior to version 7.13.16, 8.0.0 prior to 8.5.7, 8.6.0 prior to 8.9.2 or 8.10.0 prior to 8.10.1. It is, therefore, affected by a vulnerability which allow remote attackers to view...
Atlassian Jira 7.0.6 < 7.13.16 Disclosure Of Private Project Titles
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is 7.0.6 prior to version 7.13.16, 8.0.0 prior to 8.5.7, 8.6.0 prior to 8.9.2 or 8.10.0 prior to 8.10.1. It is, therefore, affected by a vulnerability which allow remote attackers to view...