
943 matches found

Cvelist · added 2023/05/20 3:35 a.m. · 20 views

CVE-2023-2276 WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password Change

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...

CVSS 9.8 · AI score 9.6 · EPSS 0.01093 · Exploits 0 · References 4
OSV · added 2023/05/16 9:15 a.m. · 3 views

CVE-2023-2548

The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible f...

CVSS 7.2 · AI score 7.1 · Exploits 0 · References 2
Prion · added 2023/05/16 9:15 a.m. · 18 views

Authorization

The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible f...

CVSS 5.8 · AI score 6.7 · EPSS 0.00718 · Exploits 0 · References 2 · Affected Software 1
Cvelist · added 2023/05/16 8:40 a.m. · 17 views

CVE-2023-2548 RegistrationMagic <= 5.2.0.5 - Authenticated (Admin+) Insecure Direct Object Reference to Arbitrary User Password Change

The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible f...

CVSS 6.6 · AI score 7 · EPSS 0.00718 · Exploits 0 · References 2
CVE · added 2023/05/16 8:40 a.m. · 49 views

CVE-2023-2548

CVE-2023-2548 affects the WordPress plugin RegistrationMagic (versions up to 5.2.0.5). The root cause is Insecure Direct Object References, where the plugin exposes user-controlled objects, allowing an authenticated admin+ to bypass authorization and access system resources. Impact: an attacker w...

CVSS 7.2 · AI score 7.3 · EPSS 0.00718 · Exploits 0 · References 2 · Affected Software 1
Vulnrichment · added 2023/05/16 8:40 a.m. · 8 views

CVE-2023-2548 RegistrationMagic <= 5.2.0.5 - Authenticated (Admin+) Insecure Direct Object Reference to Arbitrary User Password Change

The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible f...

CVSS 6.6 · AI score 7.1 · EPSS 0.00718 · Exploits 0 · References 2
CNNVD · added 2023/05/16 12:00 a.m. · 6 views

WordPress plugin RegistrationMagic security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 7.2 · AI score 7.6 · EPSS 0.00718 · Exploits 0 · References 3
Patchstack · added 2023/05/15 12:00 a.m. · 10 views

WordPress WooCommerce Bookings Plugin <= 1.15.78 is vulnerable to Insecure Direct Object References (IDOR)

Software: WooCommerce Bookings · Type: Plugin · Vulnerable versions: <= 1.15.78 · Fixed in: 1.15.79 · OWASP Top 10: A5: Broken Access Control · Classification: Insecure Direct Object References (IDOR) · CVE: CVE-2023-32747 · Patch priority: Low · CVSS severity: Low 5.4 · PSID: 81006e449dea · Credits: Raf...

CVSS 7.5 · AI score 6.5 · EPSS 0.00449 · Exploits 0 · References 1 · Affected Software 1
Patchstack · added 2023/05/15 12:00 a.m. · 14 views

WordPress WooCommerce Ship to Multiple Addresses Plugin <= 3.8.3 is vulnerable to Insecure Direct Object References (IDOR)

Software: WooCommerce Ship to Multiple Addresses · Type: Plugin · Vulnerable versions: <= 3.8.3 · Fixed in: 3.8.4 · OWASP Top 10: A5: Broken Access Control · Classification: Insecure Direct Object References (IDOR) · CVE: CVE-2023-32799 · Patch priority: Low · CVSS severity: Low 6.5 · PSID: c036222840...

CVSS 6.5 · AI score 6.5 · EPSS 0.00545 · Exploits 1 · References 1 · Affected Software 1
Positive Technologies · added 2023/04/29 12:00 a.m. · 6 views

PT-2023-7925 · Eurotel · Eurotel Etl3100

Name of the Vulnerable Software and Affected Versions: EuroTel ETL3100 versions v01c01 and v01x37 · Description: The issue is related to insecure direct object references, which occur when the application provides direct access to objects based on user-supplied input. This allows attackers to bypas...

CVSS 9.8 · AI score 8.8 · EPSS 0.00805 · Exploits 1 · References 11
Patchstack · added 2023/04/25 12:00 a.m. · 9 views

WordPress Stream Plugin <= 3.9.2 is vulnerable to Insecure Direct Object References (IDOR)

Software: Stream · Type: Plugin · Vulnerable versions: <= 3.9.2 · Fixed in: 3.9.3 · OWASP Top 10: A1: Injection · Classification: Insecure Direct Object References (IDOR) · CVE: CVE-2022-43450 · Patch priority: Low · CVSS severity: Low 4.3 · PSID: 760a85c05111 · Credits: Lucio Sá · Required privilege...

CVSS 6.5 · AI score 7.1 · EPSS 0.00652 · Exploits 0 · References 2 · Affected Software 1
Patchstack · added 2023/04/17 12:00 a.m. · 11 views

WordPress Ruby Help Desk Plugin < 1.3.4 is vulnerable to Insecure Direct Object References (IDOR)

Software: Ruby Help Desk · Type: Plugin · Vulnerable versions: < 1.3.4 · Fixed in: 1.3.4 · OWASP Top 10: A5: Broken Access Control · Classification: Insecure Direct Object References (IDOR) · CVE: CVE-2023-1125 · Patch priority: Low · CVSS severity: Low 4.3 · PSID: 4bb70b90c759 · Credits: Ameen Alkurdy...

CVSS 6.5 · AI score 6.8 · EPSS 0.00559 · Exploits 1 · References 4 · Affected Software 1
Patchstack · added 2023/04/05 12:00 a.m. · 18 views

WordPress WP FEvents Book Plugin <= 0.46 is vulnerable to Insecure Direct Object References (IDOR)

Software: WP FEvents Book · Type: Plugin · Vulnerable versions: <= 0.46 · Fixed in: N/A · OWASP Top 10: A5: Broken Access Control · Classification: Insecure Direct Object References (IDOR) · CVE: CVE-2023-1129 · Patch priority: Low · CVSS severity: Low 6.3 · PSID: bdca07c43d3d · Credits: Ameen Alkurdy...

CVSS 6.5 · AI score 6.5 · EPSS 0.00555 · Exploits 2 · References 2 · Affected Software 1
WPVulnDB · added 2023/04/03 12:00 a.m. · 13 views

WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR

The plugin does not ensure that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel bookings on behalf of other users. PoC 1. Book or cancel a booking for an event using an authenticated user. 2. Intercept the request using an HTTP...

CVSS 6.5 · AI score 6.7 · EPSS 0.00555 · Exploits 2 · Affected Software 1
0day.today · added 2023/03/31 12:00 a.m. · 165 views

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Authorization Bypass Vulnerability

Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Authorization Bypass IDOR · Exploit Author: LiquidWorm · Vendor: SOUND4 Ltd. · Product web page: https://www.sound4.com | https://www.sound4.biz · Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Versio...

AI score 7.4 · Exploits 0
Veracode · added 2023/03/23 12:27 a.m. · 20 views

Improper Authorization

nilsteampassnet/teampass is vulnerable to Improper Authorization. The vulnerability allows an attacker with low-level privileges to log everyone out, including the admin, due to an Insecure Direct Object Reference (IDOR) via the user ID...

CVSS 5.4 · AI score 5.6 · EPSS 0.00523 · Exploits 1 · References 3 · Affected Software 1
Patchstack · added 2023/03/21 12:00 a.m. · 9 views

WordPress WooCommerce Multiple Customer Addresses & Shipping Plugin < 21.7 is vulnerable to Insecure Direct Object References (IDOR)

Software: WooCommerce Multiple Customer Addresses & Shipping · Type: Plugin · Vulnerable versions: < 21.7 · Fixed in: 21.7 · OWASP Top 10: A5: Broken Access Control · Classification: Insecure Direct Object References (IDOR) · CVE: CVE-2023-0865 · Patch priority: Low · CVSS severity: Low 6.3 · PSID...

CVSS 8.8 · AI score 6.5 · EPSS 0.01196 · Exploits 2 · References 3 · Affected Software 1
BDU FSTEC · added 2023/03/15 12:00 a.m. · 5 views

The vulnerability of the ColdFusion software platform arises from an incorrect limitation on the path to the restricted access directory. This allows attackers to execute arbitrary code.

The vulnerability of the ColdFusion software platform is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose sensitive information...

CVSS 7.8 · AI score 7.1 · EPSS 0.35527 · Exploits 0 · References 3
Tenable Nessus · added 2023/03/14 12:00 a.m. · 10 views

Atlassian Jira 8.6.0 < 8.9.2 Disclosure Of Private Project Titles

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is 7.0.6 prior to version 7.13.16, 8.0.0 prior to 8.5.7, 8.6.0 prior to 8.9.2 or 8.10.0 prior to 8.10.1. It is, therefore, affected by a vulnerability which allows remote attackers to view...

CVSS 4.3 · AI score 7.3 · EPSS 0.01215 · Exploits 0 · References 2
Tenable Nessus · added 2023/03/14 12:00 a.m. · 19 views

Atlassian Jira 7.0.6 < 7.13.16 Disclosure Of Private Project Titles

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is 7.0.6 prior to version 7.13.16, 8.0.0 prior to 8.5.7, 8.6.0 prior to 8.9.2 or 8.10.0 prior to 8.10.1. It is, therefore, affected by a vulnerability which allows remote attackers to view...

CVSS 4.3 · AI score 7.3 · EPSS 0.01215 · Exploits 0 · References 2