4405 matches found
CVE-2024-10174 WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.13 - Insecure Direct Object Reference to Unauthenticated Authorization Bypass
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'AbstractPermission' class due to missing validation on the 'useri...
CVE-2024-9262
The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1.1 via the getUser due to missing validation on a user controlled key. This makes it possible for authenticated attackers...
CVE-2024-9262 User Meta – User Profile Builder and User management plugin <= 3.1.1 - Insecure Direct Object Reference to Sensitive Information Exposure
The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1.1 via the getUser due to missing validation on a user controlled key. This makes it possible for authenticated attackers...
CVE-2024-9262
CVE-2024-9262 affects the WordPress plugin “User Meta – User Profile Builder and User management plugin” (WordPress). It describes an Insecure Direct Object Reference via getUser() caused by missing validation on a user-controlled key. The vulnerability affects all versions up to and including 3....
CVE-2024-9262 User Meta – User Profile Builder and User management plugin <= 3.1.1 - Insecure Direct Object Reference to Sensitive Information Exposure
The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1.1 via the getUser due to missing validation on a user controlled key. This makes it possible for authenticated attackers...
WordPress User Meta plugin <= 3.1 - Insecure Direct Object Reference to Sensitive Information Exposure vulnerability
Insecure Direct Object Reference to Sensitive Information Exposure vulnerability discovered by wesley wcraft in WordPress Plugin User Meta versions <= 3.1...
Lunary Access Control Error Vulnerability
Lunary is an open-source production toolkit for LLMs. An access control error vulnerability exists in Lunary, which stems from an insecure direct object reference (IDOR) vulnerability that can be exploited by an attacker to manipulate the id parameter in a request URL to view or delete an...
Beauty Parlour Management System Insecure Direct Object Reference Vulnerability
Beauty Parlour Management System is an application system. The Beauty Parlour Management System suffers from an insecure direct object reference vulnerability that could be exploited by an attacker to gain access to personally identifiable information of other customers...
PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability
PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference (IDOR) vulnerability that allows a remote attacker to bypass authentication for the /cgi-bin/param.cgi CGI script. If combined with CVE-2024-8957, this can lead to remote code execution as root...
VulnCheck KEV: CVE-2024-48217
An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to execute a horizontal-privilege escalation...
CVE-2024-48217
An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to execute a horizontal-privilege escalation...
CVE-2024-48217
An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to execute a horizontal-privilege escalation. Recent assessments: Assessed Attacker Value: 0...
SiSMART Security Vulnerability
SiSMART is a content management system from SiSMART, Inc. A security vulnerability exists in SiSMART version 7.4.0 that stems from an insecure direct object reference in the dashboard, which allows an attacker to perform a horizontal privilege escalation...
CVE-2024-48217
An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to execute a horizontal-privilege escalation...
CVE-2024-48217
CVE-2024-48217 affects SiSMART v7.4.0: an Insecure Direct Object Reference (IDOR) in the dashboard enables horizontal privilege escalation. PoC shows manipulation of Local Storage (sekolah_kode, user_id, user_level, id_token) to impersonate an administrator via these session-state values, redirec...
CVE-2024-51066
An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of other customers...
CVE-2024-9700
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submit_quizzes function due to missing validation on the 'entryid' user controlled key. This makes it...
CVE-2024-9700
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submit_quizzes function due to missing validation on the 'entryid' user controlled key. This makes it...
CVE-2024-9700
CVE-2024-9700 affects the WordPress plugin “Forminator Forms – Contact Form, Payment Form & Custom Form Builder” and covers all versions up to and including 1.36.0. The vulnerability is an Insecure Direct Object Reference via the submit_quizzes() function, caused by missing validation on the entr...
CVE-2024-9700 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 - Insecure Direct Object Reference to Submission Manipulation
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submit_quizzes function due to missing validation on the 'entryid' user controlled key. This makes it...