Authorization Bypass Through User-Controlled Key

Overview @better-auth/passkey is a Passkey plugin for Better Auth Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a POST /passkey/delete-passkey request. An attacker can delete arbitrary passkeys belonging to other users by providing their...

Better Auth Passkey Plugin allows passkey deletion through IDOR

Summary Affected versions of the better-auth passkey plugin allow users with any valid session to delete arbitrary passkeys via their ID using POST /passkey/delete-passkey. Details ctx.body.id is implicitly trusted and used in passkey deletion queries. better-auth applications configured with...

Insecure Direct Object Reference (IDOR)

liferay-portal is vulnerable to an Insecure Direct Object Reference IDOR vulnerability. The vulnerability is due to the workflow definition API exposing resources based on user-supplied names without enforcing authorization checks, where the API resolves workflow definitions directly by name...

CVE-2025-12040

The Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.3 via several functions in class-th-wishlist-frontend.php due to missing validation on a user controlled key. This makes it possible for unauthenticated...

EUVD-2025-199571

The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. This is due to the plugin not validating file ownership before processing file rename requests in the '/wpfm/v1/file-rename' REST API endpoint. This makes i...

CVE-2025-13382 Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming

The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. This is due to the plugin not validating file ownership before processing file rename requests in the '/wpfm/v1/file-rename' REST API endpoint. This makes i...

CVE-2025-13382

The CVE concerns the WordPress Frontend File Manager Plugin (versions up to 23.4). It is vulnerable to Insecure Direct Object Reference because the plugin does not validate file ownership before processing file rename requests via the REST endpoint /wpfm/v1/file-rename. This allows an authenticat...

CVE-2025-12040 Wishlist for WooCommerce <= 1.1.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation

The Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.3 via several functions in class-th-wishlist-frontend.php due to missing validation on a user controlled key. This makes it possible for unauthenticated...

WordPress Frontend File Manager plugin plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary File Renaming vulnerability discovered by t.t.brothers in WordPress Plugin Frontend File Manager versions = 23.4...

CVE-2025-65647

Insecure Direct Object Reference IDOR in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter...

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin unsafe direct object reference vulnerability

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin for WordPress websites designed to help businesses or individuals efficiently manage customer support requests. The WordPress ELEX WordPress HelpDesk & Customer Ticketing Syste...

WordPress plugin Frontend File Manager 安全漏洞

WordPress Frontend File Manager Plugin is a plugin that allows users to upload, manage and share files through a frontend interface that supports secure storage and permission control. WordPress Frontend File Manager Plugin suffers from an insecure direct object reference vulnerability that stems...

PHPGurukul Online Shopping Portal 安全漏洞

Online Shopping Portal is an online store. Online Shopping Portal suffers from an insecure direct object reference vulnerability, which stems from the order tracking functionality not properly implementing an access control mechanism that directly references data sent from the client as an object...

PT-2025-47996

The Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.9 via several functions in class-th-wishlist-frontend.php due to missing validation on a user controlled key. This makes it possible for unauthenticated...

CVE-2025-65647

Insecure Direct Object Reference IDOR in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter...

PT-2025-48079

Insecure Direct Object Reference IDOR in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter...

📄 Classroomio LMS 0.1.13 Insecure Direct Object Reference

Classroomio LMS version 0.1.13 suffers from multiple insecure direct object reference vulnerabilities. CVE-2025-65670 An Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in...

PT-2025-48007

The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. This is due to the plugin not validating file ownership before processing file rename requests in the '/wpfm/v1/file-rename' REST API endpoint. This makes i...

CVE-2025-65647

CVE-2025-65647 applies to PHPGURUKUL Online Shopping Portal 2.1, where an Insecure Direct Object Reference (IDOR) in the Track order function allows information disclosure via the oid parameter. The vulnerability stems from insufficient access control when referencing data sent from the client as...

CVE-2025-13526

The OneClick Chat to Order plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.8 via the 'waorderthankyouoverride' function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view...