4435 matches found

Patchstack
added 2025/03/20 2:48 a.m. · 3 views

WordPress NP Quote Request for WooCommerce plugin <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Tim Coen in WordPress Plugin NP Quote Request for WooCommerce versions <= 1.9.179...

CVSS: 7.5 · AI score: 8.5 · EPSS: 0.00322
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2025/03/20 12:0 a.m. · 2 views

SuperAGI security vulnerability

SuperAGI is an open source infrastructure application from SuperAGI Open Source for building components, tools, frameworks, and models to implement open source AGI. A security vulnerability exists in SuperAGI version v0.0.14 that stems from improper authorization checking and could lead to an...

CVSS: 8.8 · AI score: 8.7 · EPSS: 0.00638
Exploits: 1 · References: 1

Positive Technologies
added 2025/03/20 12:0 a.m. · 3 views

PT-2025-12117 · Unknown · Transformeroptimus/Superagi

Name of the Vulnerable Software and Affected Versions: transformeroptimus/superagi version v0.0.14
Description: An IDOR (Insecure Direct Object Reference) vulnerability exists, allowing attackers to view, edit, and delete other users' information without proper authorization. The application fails ...

CVSS: 8.8 · AI score: 8.6 · EPSS: 0.00638
Exploits: 1 · References: 6

Positive Technologies
added 2025/03/20 12:0 a.m. · 5 views

PT-2025-12098 · Unknown · Lunary-Ai/Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.6.0
Description: An Insecure Direct Object Reference (IDOR) vulnerability exists in the "PATCH /v1/runs/:id/score" endpoint. This issue allows an attacker to update the score data of any run by manipulating the id...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.00489
Exploits: 1 · References: 6

RedhatCVE
added 2025/03/15 7:6 a.m. · 5 views

CVE-2025-2271

A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference (IDOR) vulnerability in the Issuetrak audit component. The vulnerability enables unauthorized access to sensitive...

CVSS: 7.7 · AI score: 6.7 · EPSS: 0.00306
Exploits: 0 · References: 1

RedhatCVE
added 2025/03/15 4:5 a.m. · 4 views

CVE-2024-13887

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajaxlistingsubmitimageupload' function due to missing validation on a user controlled key. This makes...

CVSS: 5.3 · AI score: 6.8 · EPSS: 0.00251
Exploits: 0 · References: 1

Cvelist
added 2025/03/13 6:30 a.m. · 7 views

CVE-2025-2271 IDOR in Issuetrak NewAuditID parameter via Inv_PopTrakXShow.asp

A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference (IDOR) vulnerability in the Issuetrak audit component. The vulnerability enables unauthorized access to sensitive...

CVSS: 7.7 · EPSS: 0.00306
Exploits: 0 · References: 1

Vulnrichment
added 2025/03/13 6:30 a.m. · 4 views

CVE-2025-2271 IDOR in Issuetrak NewAuditID parameter via Inv_PopTrakXShow.asp

A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference (IDOR) vulnerability in the Issuetrak audit component. The vulnerability enables unauthorized access to sensitive...

CVSS: 7.7 · AI score: 7.5 · EPSS: 0.00306
Exploits: 0 · References: 1

Cvelist
added 2025/03/13 3:21 a.m. · 8 views

CVE-2024-13887 Business Directory Plugin - Easy Listing Directories for WordPress <= 6.4.14 - Insecure Direct Object Reference to Listing Arbitrary Image Addition

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajaxlistingsubmitimageupload' function due to missing validation on a user controlled key. This makes...

CVSS: 5.3 · EPSS: 0.00251
Exploits: 0 · References: 2

CVE
added 2025/03/13 3:21 a.m. · 46 views

CVE-2024-13887

CVE-2024-13887 concerns the WordPress plugin Business Directory Plugin – Easy Listing Directories for WordPress (versions

CVSS: 5.3 · AI score: 5.2 · EPSS: 0.00251
Exploits: 0 · References: 2

Patchstack
added 2025/03/12 8:39 p.m. · 2 views

WordPress Business Directory plugin <= 6.4.14 - Insecure Direct Object Reference to Listing Arbitrary Image Addition vulnerability

Insecure Direct Object Reference to Listing Arbitrary Image Addition vulnerability discovered by Rein Daelman (trein) in WordPress Plugin Business Directory versions <= 6.4.14...

CVSS: 5.3 · AI score: 8.9 · EPSS: 0.00251
Exploits: 0 · References: 1 · Affected Software: 1

Veracode
added 2025/03/10 8:21 a.m. · 8 views

Insecure Direct Object Reference (IDOR)

github.com/zitadel/zitadel is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient access control in the Admin API, allowing authenticated users without specific IAM roles to modify sensitive settings...

CVSS: 9 · AI score: 6.7 · EPSS: 0.00584
Exploits: 0 · References: 17 · Affected Software: 1

RedhatCVE
added 2025/03/10 6:51 a.m. · 12 views

CVE-2024-12114

The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogalleryattachmentmodalsave AJAX action due to missing validation on a user controll...

CVSS: 4.3 · AI score: 6.8 · EPSS: 0.00297
Exploits: 0 · References: 1

RedhatCVE
added 2025/03/09 9:28 a.m. · 5 views

CVE-2024-13552

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.0 via file upload due to missing validation on a user controlled key. This makes it possible for authenticated attackers to...

CVSS: 4.3 · AI score: 6.6 · EPSS: 0.00303
Exploits: 0 · References: 1

OSV
added 2025/03/08 6:15 a.m. · 5 views

CVE-2024-12114

The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogalleryattachmentmodalsave AJAX action due to missing validation on a user controll...

CVSS: 4.3 · AI score: 6.5
Exploits: 0 · References: 3

NVD
added 2025/03/08 6:15 a.m. · 8 views

CVE-2024-12114

The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogalleryattachmentmodalsave AJAX action due to missing validation on a user controll...

CVSS: 4.3 · EPSS: 0.00297
Exploits: 0 · References: 3

CVE
added 2025/03/08 5:30 a.m. · 53 views

CVE-2024-12114

CVE-2024-12114 affects FooGallery for WordPress (

CVSS: 4.3 · AI score: 4.5 · EPSS: 0.00297
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2025/03/08 5:30 a.m. · 11 views

CVE-2024-12114 FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates

The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogalleryattachmentmodalsave AJAX action due to missing validation on a user controll...

CVSS: 4.3 · EPSS: 0.00297
Exploits: 0 · References: 3

Vulnrichment
added 2025/03/08 5:30 a.m. · 7 views

CVE-2024-12114 FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates

The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogalleryattachmentmodalsave AJAX action due to missing validation on a user controll...

CVSS: 4.3 · AI score: 6.9 · EPSS: 0.00297
Exploits: 0 · References: 3

Patchstack
added 2025/03/08 3:26 a.m. · 3 views

WordPress FooGallery plugin <= 2.4.29 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates vulnerability

Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates vulnerability discovered by Stiofan in WordPress Plugin FooGallery versions <= 2.4.29...

CVSS: 4.3 · AI score: 7 · EPSS: 0.00297
Exploits: 0 · References: 1 · Affected Software: 1