4433 matches found
CVE-2025-4522
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the adminpostdonordelete function in versions 2.0.0 to 2.1.9. By supplying an arbitrary userid parameter value to the wpdeleteuser function, authenticated...
CVE-2025-4522 IDonate 2.0.0 - 2.1.9 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion via admin_post_donor_delete Function
The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the adminpostdonordelete function in versions 2.0.0 to 2.1.9. By supplying an arbitrary userid parameter value to the wpdeleteuser function, authenticated...
CVE-2025-4522
The WordPress IDonate plugin (IDonate) is affected by an Insecure Direct Object Reference in versions 2.0.0–2.1.9. The root cause is improper access control in the admin_post_donor_delete flow, which allows an authenticated user (Subscriber+ privilege) to craft a user_id value passed to wp_delete...
PT-2025-45406
Name of the Vulnerable Software and Affected Versions IDonate – Blood Donation, Request And Donor Management System plugin for WordPress versions 2.0.0 through 2.1.9 Description The IDonate plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. Attackers with...
WordPress plugin IDonate 安全漏洞
WordPress IDonate plugin is a blood donation management tool on the WordPress platform, which is mainly used for blood donor registration, blood donation request submission and background management. WordPress IDonate plugin has an insecure direct object reference vulnerability, the vulnerability...
CVE-2025-58627 WordPress Miraculous Core Plugin plugin < 2.0.9 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous Core Plugin: from n/a through 2.0.9...
GHSA-CPF4-PMR4-W6CX IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering
Summary ZITADEL's Organization V2Beta API contains Insecure Direct Object Reference IDOR vulnerabilities that allow authenticated users with specific administrator roles within one organization to access and modify data belonging to other organizations. Impact ZITADEL's Organization V2Beta API,...
PT-2025-45383
Name of the Vulnerable Software and Affected Versions Zitadel versions 4.0.0-rc.1 through 4.6.2 Description Zitadel is an open source identity management platform susceptible to secure Direct Object Reference IDOR attacks through its V2Beta API. Authenticated users with specific administrator rol...
CVE-2025-11690
An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...
EUVD-2025-37759
An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...
CVE-2025-11690
CVE-2025-11690 corresponds to an Insecure Direct Object Reference (IDOR) in the vehicleId parameter of the CFMOTO RIDE API backend. The issue allows unauthorized access to sensitive data from other users’ vehicles (GPS coordinates, encryption keys, initialization vectors, model numbers, fuel stat...
PT-2025-44991
Name of the Vulnerable Software and Affected Versions CFMOTO RIDE affected versions not specified Description An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this...
CFMOTO RIDE 安全漏洞
CFMOTO RIDE is an in-vehicle vehicle data management system from the Chinese company CFMOTO. A security vulnerability exists in CFMOTO RIDE that stems from an insecure direct object reference in the vehicleId parameter, which could lead to unauthorized access to sensitive information of other use...
Insecure Direct Object Reference (IDOR)
Liferay Portal including Liferay DXP is vulnerable to an Insecure Direct Object Reference IDOR. The vulnerability is due to the Contacts Center widget directly exposing the comliferaycontactswebportletContactsCenterPortletentryId parameter without proper authorization checks. An attackers can use...
CVE-2025-61876
Insecure Direct Object Reference IDOR in /tenants/id API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modification of the tenant ID in the request URL...
CVE-2025-61876
Insecure Direct Object Reference IDOR in /tenants/id API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modification of the tenant ID in the request URL...
CVE-2025-61876
CVE-2025-61876 is an IDOR flaw in Inforcer Platform 2.0.153 allowing a low-privilege, authenticated user to enumerate and access tenant data from other clients by altering the tenant ID in the /tenants/{id} URL. The Red Hat and NVD records corroborate the issue; the CVSSv3.1 score is 5.0 (Medium)...
Inforcer Platform 安全漏洞
Inforcer Platform is a multi-tenant management platform from the Dutch company Inforcer. A security vulnerability exists in Inforcer Platform version 2.0.153, which stems from the presence of an insecure direct object reference in the /tenants/id API endpoint, which could lead to a low-privileged...
CVE-2025-61876
Insecure Direct Object Reference IDOR in /tenants/id API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modification of the tenant ID in the request URL...
CVE-2025-40069
CVE-2025-40069 affects the Linux kernel, specifically the DRM MSM driver. The vulnerability arises in the VM_BIND error path where, if a handle-lookup partway through fails, references to already obtained objects may not be dropped, potentially leaking resources. The available connected documents...