
4435 matches found

Positive Technologies
added 2025/04/24 12:0 a.m. · 3 views

PT-2025-17708 · WordPress · Woocommerce Automatic Order Printing

Name of the Vulnerable Software and Affected Versions: WooCommerce Automatic Order Printing plugin versions up to, and including, 4.1
Description: The issue is related to Insecure Direct Object Reference, which allows authenticated attackers with Subscriber-level access and above to view other...

CVSS 4.3 · AI score 5 · EPSS 0.00232
Exploits 0 · References 8

Cvelist
added 2025/04/24 12:0 a.m. · 9 views

CVE-2025-25777

Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks...

EPSS 0.00234
Exploits 1 · References 2

CNNVD
added 2025/04/24 12:0 a.m. · 2 views

CodeAstro Bus Ticket Booking System Security Vulnerability

CodeAstro Bus Ticket Booking System is a bus ticket booking system from CodeAstro. A security vulnerability exists in CodeAstro Bus Ticket Booking System version 1.0, which stems from an insecure direct object reference that could lead to unauthorized access to user data...

CVSS 8 · AI score 6.5 · EPSS 0.00234
Exploits 1 · References 2

CVE
added 2025/04/24 12:0 a.m. · 60 views

CVE-2025-25777

CVE-2025-25777 affects Codeastro Bus Ticket Booking System v1.0, where an insecure direct object reference (IDOR) allows unauthorized access to user profiles by altering the URL parameter user ID. Root cause: insufficient authentication/authorization checks on profile endpoints, enabling access t...

CVSS 8 · AI score 7.1 · EPSS 0.00234
Exploits 1 · References 2 · Affected Software 1

Packet Storm
added 2025/04/18 12:0 a.m. · 252 views

UJCMS 9.6.3 Insecure Direct Object Reference

UJCMS version 9.6.3 suffers from an insecure direct object reference vulnerability that enables user enumeration.
Exploit Title: UJCMS 9.6.3 User Enumeration via IDOR
Exploit Author: Cyd Tseng
Date: 11 Dec 2024
Category: Web application
Vendor Homepage: https://dromara.org/
Software Link:...

CVSS 6.3 · AI score 4.7 · EPSS 0.03439
Exploits 3

Exploit DB
added 2025/04/18 12:0 a.m. · 309 views

UJCMS 9.6.3 - User Enumeration via IDOR

Exploit Title: UJCMS 9.6.3 User Enumeration via IDOR
Exploit Author: Cyd Tseng
Date: 11 Dec 2024
Category: Web application
Vendor Homepage: https://dromara.org/
Software Link: https://github.com/dromara/ujcms
Version: UJCMS 9.6.3
Tested on: Linux
CVE: CVE-2024-12483
Advisory:...

CVSS 6.3 · AI score 7.4 · EPSS 0.03439
Exploits 3

Vulnrichment
added 2025/04/17 3:16 p.m. · 5 views

CVE-2025-39434 WordPress Avatar plugin <= 0.1.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Scott Taylor Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Avatar: from n/a through 0.1.4...

CVSS 4.3 · AI score 6.9 · EPSS 0.0027
Exploits 0 · References 1

RedhatCVE
added 2025/04/17 1:36 p.m. · 15 views

CVE-2025-3575

Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from other users via "idUsuario" parameter in "/helper/Familia/establecerUsuarioSeleccion" endpoint...

CVSS 8.7 · AI score 6.5 · EPSS 0.00376
Exploits 0 · References 1

RedhatCVE
added 2025/04/17 1:35 p.m. · 11 views

CVE-2025-3574

Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from other users via "idUsuario" parameter in "/helper/Familia/obtenerFamiliaUsuario" endpoint...

CVSS 8.7 · AI score 6.5 · EPSS 0.00376
Exploits 0 · References 1

Exploit DB
added 2025/04/16 12:0 a.m. · 111 views

ProConf 6.0 - Insecure Direct Object Reference (IDOR)

Exploit Title: ProConf 6.0 - Insecure Direct Object Reference (IDOR)
Date: 19/07/2018
Exploit Author: S. M. Zia Ur Rashid, SC
Author Contact: https://www.linkedin.com/in/ziaurrashid/
Vendor Homepage: http://proconf.org & http://myproconf.org
Version:...

CVSS 6.5 · AI score 7.4 · EPSS 0.05949
Exploits 3

NVD
added 2025/04/15 9:15 a.m. · 9 views

CVE-2025-3574

Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from other users via "idUsuario" parameter in "/helper/Familia/obtenerFamiliaUsuario" endpoint...

CVSS 8.7 · EPSS 0.00376
Exploits 0 · References 1

NVD
added 2025/04/15 9:15 a.m. · 8 views

CVE-2025-3575

Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from other users via "idUsuario" parameter in "/helper/Familia/establecerUsuarioSeleccion" endpoint...

CVSS 8.7 · EPSS 0.00376
Exploits 0 · References 1

Cvelist
added 2025/04/15 8:54 a.m. · 21 views

CVE-2025-3575 Insecure Direct Object Reference in Deporsite by T-INNOVA

Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from other users via "idUsuario" parameter in "/helper/Familia/establecerUsuarioSeleccion" endpoint...

CVSS 8.7 · EPSS 0.00376
Exploits 0 · References 1

Vulnrichment
added 2025/04/15 8:54 a.m. · 5 views

CVE-2025-3575 Insecure Direct Object Reference in Deporsite by T-INNOVA

Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from other users via "idUsuario" parameter in "/helper/Familia/establecerUsuarioSeleccion" endpoint...

CVSS 8.7 · AI score 6.7 · EPSS 0.00376
Exploits 0 · References 1

CVE
added 2025/04/15 8:54 a.m. · 55 views

CVE-2025-3575

CVE-2025-3575 affects Deporsite from T-INNOVA. The vulnerability is an Insecure Direct Object Reference allowing an attacker to retrieve sensitive information from other users through the idUsuario parameter at /helper/Familia/establecerUsuarioSeleccion. The CVE entry notes a high impact with CVS...

CVSS 8.7 · AI score 6.1 · EPSS 0.00376
Exploits 0 · References 1

Cvelist
added 2025/04/15 8:47 a.m. · 28 views

CVE-2025-3574 Insecure Direct Object Reference on Deporsite by T-INNOVA

Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from other users via "idUsuario" parameter in "/helper/Familia/obtenerFamiliaUsuario" endpoint...

CVSS 8.7 · EPSS 0.00376
Exploits 0 · References 1

Vulnrichment
added 2025/04/15 8:47 a.m. · 4 views

CVE-2025-3574 Insecure Direct Object Reference on Deporsite by T-INNOVA

Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from other users via "idUsuario" parameter in "/helper/Familia/obtenerFamiliaUsuario" endpoint...

CVSS 8.7 · AI score 6.7 · EPSS 0.00376
Exploits 0 · References 1

CVE
added 2025/04/15 8:47 a.m. · 52 views

CVE-2025-3574

CVE-2025-3574: Insecure Direct Object Reference in Deporsite (T-INNOVA). An attacker can retrieve another user's sensitive information by manipulating the idUsuario parameter of the /helper/Familia/obtenerFamiliaUsuario endpoint. Root cause: improper access control on user data access. Documented...

CVSS 8.7 · AI score 6.1 · EPSS 0.00376
Exploits 0 · References 1

RedhatCVE
added 2025/04/14 7:4 a.m. · 13 views

CVE-2025-3292

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationupdateprofiledetails due to missing validation on the 'userid' use...

CVSS 4.3 · AI score 7.2 · EPSS 0.00258
Exploits 0 · References 1

RedhatCVE
added 2025/04/14 7:1 a.m. · 12 views

CVE-2025-3282

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationmembershipregistermember due to missing validation on the...

CVSS 5.3 · AI score 7.2 · EPSS 0.00233
Exploits 0 · References 1