CVE-2024-39319

CVE-2024-39319 affects the aimeos/ai-controller-frontend frontend controller. The vulnerability is an insecure direct object reference (IDOR) that allows an attacker to disable subscriptions and reviews of another customer. Affected versions are prior to 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8,...

CVE-2024-39319 aimeos/ai-controller-frontend has IDOR vulnerability in account profile page

aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions...

Aimeos frontend controller 安全漏洞

Aimeos frontend controller is an Aimeos open source frontend controller. Aimeos frontend controller has a security vulnerability that stems from an insecure direct object reference that could allow an attacker to disable the subscribe and comment functionality for other clients. The following...

PT-2024-28443 · Aimeos · Aimeos/Ai-Controller-Frontend

Name of the Vulnerable Software and Affected Versions: aimeos/ai-controller-frontend versions prior to 2024.4.2 aimeos/ai-controller-frontend versions prior to 2023.10.9 aimeos/ai-controller-frontend versions prior to 2022.10.8 aimeos/ai-controller-frontend versions prior to 2021.10.8...

CVE-2024-8290

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFMCustomersManageController::processing function due to missing validation...

CVE-2024-8290

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFMCustomersManageController::processing function due to missing validation...

CVE-2024-8290

CVE-2024-8290 affects the WCFM – Frontend Manager for WooCommerce with Bookings Subscription Listings Compatible (WordPress plugin) up to version 6.7.12. The vulnerability arises in WCFM_Customers_Manage_Controller::processing via an insecure object reference that lets authenticated subscribers (...

CVE-2024-8290 WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.12 - Insecure Direct Object Reference to Account Takeover/Privilege Escalation

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFMCustomersManageController::processing function due to missing validation...

CVE-2024-8290 WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.12 - Insecure Direct Object Reference to Account Takeover/Privilege Escalation

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFMCustomersManageController::processing function due to missing validation...

CVE-2024-7491

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woofmessengerremovesubscr AJAX action due to missing validation on the 'key' user controlled key. This makes it...

CVE-2024-7491 HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woofmessengerremovesubscr AJAX action due to missing validation on the 'key' user controlled key. This makes it...

CVE-2024-7491

The CVE-2024-7491 entry concerns HUSKY – Products Filter Professional for WooCommerce for WordPress. It is an Insecure Direct Object Reference via the woof_messenger_remove_subscr AJAX action, caused by missing validation on the user-controlled key. Affected versions are up to and including 1.3.6...

CVE-2024-7491 HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woofmessengerremovesubscr AJAX action due to missing validation on the 'key' user controlled key. This makes it...

WordPress HUSKY plugin <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe vulnerability

Insecure Direct Object Reference to Unsubscribe vulnerability discovered by shaman0x01 in WordPress Plugin HUSKY versions = 1.3.6.1...

WordPress Charitable plugin <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation vulnerability

Insecure Direct Object Reference to Account Takeover and Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin Charitable versions = 1.8.1.14...

PT-2024-38381 · WordPress · Husky – Products Filter Professional

Name of the Vulnerable Software and Affected Versions: HUSKY – Products Filter Professional for WooCommerce plugin for WordPress versions up to, and including, 1.3.6.1 Description: The issue is related to Insecure Direct Object Reference. It affects the plugin via the woof messenger remove subscr...

PT-2024-38918 · WordPress +1 · Bookings Subscription Listings Compatible +1

Name of the Vulnerable Software and Affected Versions: WCFM – Frontend Manager for WooCommerce versions up to, and including, 6.7.12 Description: The issue is related to Insecure Direct Object Reference, which affects the WCFM – Frontend Manager for WooCommerce along with the Bookings Subscriptio...

Car Rental Project 1.0 Insecure Direct Object Reference

==================================================================================================================================== | Title : Car Rental Project 1.0 idor Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits | | Vendor :...

Online Food Management System 1.0 Insecure Direct Object Reference

==================================================================================================================================== | Title : Online Food Management System 1.0 idor Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits |...

Insecure Direct Object Reference (IDOR)

in2code/powermail is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is caused due to improper validation of the mail parameter in the createAction function, allows an unauthenticated attacker to access user-submitted data from all forms handled by the extension...