4391 matches found
PT-2026-4808
Name of the Vulnerable Software and Affected Versions Omada Controllers affected versions not specified Description An IDOR Insecure Direct Object Reference issue exists in Omada Controllers. An attacker with Administrator permissions can manipulate requests and potentially hijack the Owner...
CVE-2026-24136 Saleor has an Insecure Direct Object Reference (IDOR) in GraphQL API
Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have a n Insecure Direct Object Reference IDOR vulnerability that allows unauthenticated actors to extract sensitive information in plain text. Orders created before Saleor...
CVE-2026-24136 Saleor has an Insecure Direct Object Reference (IDOR) in GraphQL API
Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have a n Insecure Direct Object Reference IDOR vulnerability that allows unauthenticated actors to extract sensitive information in plain text. Orders created before Saleor...
CVE-2026-24599
CVE-2026-24599 affects WordPress plugin XLPlugins NextMove Lite (WooCommerce) and is described as an Authorization Bypass Through User-Controlled Key via an insecure Direct Object Reference (IDOR) in the NextMove Lite woo-thank-you-page-nextmove-lite component. Public sources (NVD, Red Hat, CVE L...
CVE-2026-20750 Gitea Organization Projects Cross-Organization Authorization Bypass via Project ID (IDOR)
Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization...
CVE-2026-20750 Gitea Organization Projects Cross-Organization Authorization Bypass via Project ID (IDOR)
Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization...
CVE-2026-24379 WordPress WP Job Portal plugin <= 2.4.3 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through = 2.4.3...
CVE-2026-22430
CVE-2026-22430 affects Mikado-Themes Verdure Verdure WordPress theme (versions up to 1.6). Described as Authorization Bypass Through User-Controlled Key, an IDOR-style vulnerability that arises from incorrectly configured access control. Reported impact/metrics indicate a base CVSS 3.1 v3.1 score...
CVE-2026-22409
CVE-2026-22409 affects Mikado-Themes Justicia (WordPress plugin/theme) withJustice trivia: Authorized bypass via a user-controlled key in access control, impacting Justicia versions up to 1.2 and未明确的根本原因。 Connected documents identify this as an Insecure Direct Object Reference (IDOR) style vulner...
CVE-2026-22430 WordPress Verdure theme <= 1.6 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Verdure verdure allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verdure: from n/a through = 1.6...
CVE-2026-22426 WordPress Sweet Jane theme <= 1.2 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Elated-Themes Sweet Jane sweetjane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sweet Jane: from n/a through = 1.2...
CVE-2026-22406 WordPress Overton theme <= 1.3 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: from n/a through = 1.3...
CVE-2026-22407 WordPress Roam theme <= 2.1.1 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through = 2.1.1...
CVE-2026-22404
CVE-2026-22404 affects Mikado-Themes Innovio WordPress theme (Innovio,
CVE-2026-22404 WordPress Innovio theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Innovio: from n/a through = 1.7...
CVE-2026-22398 WordPress Fleur theme <= 2.0 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fleur fleur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fleur: from n/a through = 2.0...
CVE-2026-22396
CVE-2026-22396 affects the WordPress Fiorello theme from Mikado-Themes up to version 1.0 (Fiorello). The vulnerability is described as an Authorization Bypass Through a User-Controlled Key, effectively an Insecure Direct Object References (IDOR) flaw that allows bypassing access control to sensit...
CVE-2026-22398 WordPress Fleur theme <= 2.0 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fleur fleur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fleur: from n/a through = 2.0...
CVE-2026-22393 WordPress Curly theme <= 3.3 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Curly curly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Curly: from n/a through = 3.3...
CVE-2026-22391
CVE-2026-22391 is an authorization bypass (IDOR) affecting the WordPress plugin/theme Mikado-Themes Cocco cocco, specifically versions up to 1.5.1. The connected Red Hat/NVD entries repeat the description: Authorization Bypass Through User-Controlled Key due to incorrectly configured access contr...