4405 matches found
CVE-2024-5639 User Profile Picture <= 2.6.1 - Authenticated (Author+) Insecure Direct Object Reference to Profile Picture Update
The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'restapichangeprofileimage' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
CVE-2024-5639 User Profile Picture <= 2.6.1 - Authenticated (Author+) Insecure Direct Object Reference to Profile Picture Update
The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'restapichangeprofileimage' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
CVE-2024-5639
CVE-2024-5639 : The WordPress User Profile Picture plugin (metronet-profile-picture) suffers an Insecure Direct Object Reference in all versions up to and including 2.6.1 due to missing validation in rest_api_change_profile_image. This allows authenticated attackers with Author-level access or hi...
WordPress plugin User Profile Picture security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin User...
CVE-2024-38874
The CVE-2024-38874 issue affects the TYPO3 Events 2 extension (events2) prior to 8.3.8 and prior to 9.0.6 for TYPO3. The root cause is missing access checks in the management plugin, creating an insecure direct object reference (IDOR). This could allow an unauthenticated attacker to activate or d...
CVE-2024-38874
An issue was discovered in the events2 aka Events 2 extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference IDOR vulnerability with the potential to activate or delete various events for unauthenticated user...
WordPress User Profile Picture plugin <= 2.6.1 - Authenticated Insecure Direct Object Reference to Profile Picture Update vulnerability
Authenticated Insecure Direct Object Reference to Profile Picture Update vulnerability discovered by JoanClarke2 in WordPress Plugin User Profile Picture versions = 2.6.1...
CVE-2023-49112 Insecure Direct Object Reference in Kiuwan SAST
Kiuwan provides an API endpoint /saas/rest/v1/info/application to get information about any application, providing only its name via the "application" parameter. This endpoint lacks proper access control mechanisms, allowing other authenticated users to read information about applications, even...
CVE-2023-49112
Kiuwan SAST is affected by CVE-2023-49112 due to an insecure API endpoint: /saas/rest/v1/info/application, which accepts only the application name and returns information about any application. The root cause is missing access control, allowing other authenticated users to read application data w...
Fedora 39 : libvirt (2024-c2e7b82022)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c2e7b82022 advisory. Fix crash in event loop CVE-2024-4418 Fix I/O stall when multiple threads issue RPC calls Fix leak of GSource object Fix leak of udev object referen...
CVE-2024-4873
The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level...
CVE-2024-4873 Replace Image <= 1.1.10 - Insecure Direct Object Reference
The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level...
CVE-2024-4873
Technical details about CVE-2024-4873 are not publicly provided in the connected documents. Monitor for updates from Wordfence/Vulners to obtain affected versions, impact, and remediation.
CVE-2024-4873 Replace Image <= 1.1.10 - Insecure Direct Object Reference
The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level...
WordPress plugin Replace Image security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Replace Image plugin <= 1.1.10 - Authenticated Insecure Direct Object Reference vulnerability
Authenticated Insecure Direct Object Reference vulnerability discovered by Jin Hao Chan in WordPress Plugin Replace Image versions = 1.1.10...
Wordpress LatePoint Plugin plugin <= 4.9.9 - Missing Authorization and Sensitive Information Exposure via IDOR vulnerability
Missing Authorization and Sensitive Information Exposure via IDOR vulnerability discovered by Gharib Sharifi - WaveSec, Joel Aviad Ossi in WordPress Plugin LatePoint versions = 4.9.9...
CVE-2024-34106 Insecure Direct Object Reference - An attacker can able to erase the victim quote details
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of anoth...
CVE-2024-34106 Insecure Direct Object Reference - An attacker can able to erase the victim quote details
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of anoth...
KiviCare <= 3.6.2 - Authenticated (Patient+) Insecure Direct Object Reference
Description The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.6.2 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...