Online Shopping Portal Insecure Direct Object Reference Vulnerability

Online Shopping Portal is an online store. Online Shopping Portal suffers from an insecure direct object reference vulnerability, which stems from the order tracking functionality not properly implementing an access control mechanism that directly references data sent from the client as an object...

PT-2025-48239

The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.7 via the 'qode wishlist for woocommerce wishlist table item callback' function due to missing validation on a user controlled key. This makes it...

WordPress Frontend File Manager Plugin Insecure Direct Object Reference Vulnerability

WordPress Frontend File Manager Plugin is a plugin that allows users to upload, manage and share files through a frontend interface that supports secure storage and permission control. WordPress Frontend File Manager Plugin suffers from an insecure direct object reference vulnerability that stems...

EUVD-2025-199752

Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows unauthorized share and invite access to course settings...

EUVD-2025-199756

An Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts t...

CVE-2025-65670

An Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts t...

CVE-2025-65672

Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows unauthorized share and invite access to course settings...

CVE-2025-65672

Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows unauthorized share and invite access to course settings...

CVE-2025-12766

An Insecure Direct Object Reference IDOR vulnerability in the Management Console of BlackBerry® AtHoc® OnPrem version 7.21 could allow an attacker to potentially gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System IWS...

CVE-2025-12040

The Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.3 via several functions in class-th-wishlist-frontend.php due to missing validation on a user controlled key. This makes it possible for unauthenticated...

CVE-2025-65647

Insecure Direct Object Reference IDOR in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter...

ClassroomIO.com 安全漏洞

ClassroomIO.com is an educational platform open-sourced by ClassroomIO. A security vulnerability exists in ClassroomIO.com that stems from an insecure direct object reference that could lead to unauthorized shared and invited access to course settings...

CVE-2025-65672

Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows unauthorized share and invite access to course settings...

CVE-2025-65670

An Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts t...

PT-2025-48174

Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows unauthorized share and invite access to course settings...

CVE-2025-65672

Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows unauthorized share and invite access to course settings...

ClassroomIO.com 安全漏洞

ClassroomIO.com is an educational platform open-sourced by ClassroomIO. A security vulnerability exists in ClassroomIO.com version 0.1.13, which stems from an insecure direct object reference that could lead to a student accessing a sensitive administrator or teacher endpoint by manipulating the...

CVE-2025-65672

CVE-2025-65672 concerns an insecure direct object reference (IDOR) in ClassroomIO 0.1.13, enabling unauthorized sharing and inviting access to course settings. Connected sources consistently describe the root cause as broken access control with IDOR, allowing a student‑level user to manipulate co...

CVE-2025-65670

CVE-2025-65670 describes an insecure direct object reference (IDOR) in classroomio 0.1.13. The issue lets students manipulate the URL course ID to access sensitive admin/teacher endpoints, causing unauthorized disclosure of course, admin, and student data. The leak is described as momentary befor...

EUVD-2025-199652

Better Auth Passkey Plugin allows passkey deletion through IDOR...