4420 matches found
📄 YOURLS 1.8.2 CSRF / IDOR / Missing Authorization
YOURLS version 1.8.2 AJAX endpoint scanner that checks for cross site request forgery, insecure direct object reference, missing authorization, and missing input validation vulnerabilities...
CVE-2025-13748
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submissionid' parameter due to missing validation on a user controlled key within...
EUVD-2025-201540
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submissionid' parameter due to missing validation on a user controlled key within...
CVE-2025-13748
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submissionid' parameter due to missing validation on a user controlled key within...
CVE-2025-13748 Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submissionid' parameter due to missing validation on a user controlled key within...
CVE-2025-13748
CVE-2025-13748: Fluent Forms for WordPress (
PT-2025-49355
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submission id' parameter due to missing validation on a user controlled key within...
WordPress plugin Fluent Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-13932
The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference IDOR, where any authenticated user can access detailed data of any plant by altering the plantid in the request...
EUVD-2025-201308
The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference IDOR, where any authenticated user can access detailed data of any plant by altering the plantid in the request...
CVE-2025-13932
The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference IDOR, where any authenticated user can access detailed data of any plant by altering the plantid in the request...
CVE-2025-13932
The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference IDOR, where any authenticated user can access detailed data of any plant by altering the plantid in the request...
CVE-2025-13932
CVE-2025-13932 concerns the SolisCloud API, where an Insecure Direct Object Reference (IDOR) allows any authenticated user to view detailed data of any plant by changing the plant_id in the request. The issue is described consistently across Red Hat, NVD, CVE lists, EUVD, and related advisories, ...
CVE-2025-12997
Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: befo...
CVE-2025-12997
Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: befo...
CVE-2025-12997
Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: befo...
EUVD-2025-201284
Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: befo...
CVE-2025-12997
Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: befo...
CVE-2025-61148
An Insecure Direct Object Reference IDOR vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'recno' parameter in the /student/get-receipt endpoint...
CVE-2025-61148
An Insecure Direct Object Reference IDOR vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'recno' parameter in the /student/get-receipt endpoint...