
4405 matches found

OSV
added 2024/02/05 10:15 p.m. · 2 views

CVE-2023-6983

The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vgdisplaydata shortcode due to missing validation on a user controlled key. This makes it possible fo...

CVSS 4.3 · AI score 7.3 · EPSS 0.00247
Exploits: 0 · References: 2

Cvelist
added 2024/02/05 9:22 p.m. · 22 views

CVE-2024-0366 Starbox – the Author Box for Humans <= 3.4.7 - Insecure Direct Object Reference

The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences...

CVSS 4.3 · AI score 4.7 · EPSS 0.0032
Exploits: 0 · References: 3

Vulnrichment
added 2024/02/05 9:22 p.m. · 9 views

CVE-2024-0366

The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences...

CVSS 4.3 · AI score 6.6 · EPSS 0.0032
Exploits: 0 · References: 3

CVE
added 2024/02/05 9:22 p.m. · 49 views

CVE-2024-0366

CVE-2024-0366 affects WordPress plugin Starbox – the Author Box for Humans. It is an Insecure Direct Object Reference (IDOR) via an action function caused by missing validation on a user-controlled key, affecting all versions up to 3.4.7. Impact: subscribers could view plugin preferences and pote...

CVSS 4.3 · AI score 5.3 · EPSS 0.0032
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2024/02/05 9:21 p.m. · 20 views

CVE-2023-6983 Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Meta Disclosure

The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vgdisplaydata shortcode due to missing validation on a user controlled key. This makes it possible fo...

CVSS 4.3 · AI score 4.7 · EPSS 0.00247
Exploits: 0 · References: 2

Vulnrichment
added 2024/02/05 9:21 p.m. · 13 views

CVE-2023-6983 Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Meta Disclosure

The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vgdisplaydata shortcode due to missing validation on a user controlled key. This makes it possible fo...

CVSS 4.3 · AI score 6.6 · EPSS 0.00247
Exploits: 0 · References: 2

CVE
added 2024/02/05 9:21 p.m. · 56 views

CVE-2023-6983

CVE-2023-6983 affects the WordPress plugin “Display custom fields in the frontend – Post and User Profile Fields”. It is an insecure direct object reference (IDOR) in the vg_display_data shortcode caused by missing validation on a user-controlled key, enabling authenticated attackers with contrib...

CVSS 4.3 · AI score 4.6 · EPSS 0.00247
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2024/02/05 12:00 a.m. · 2 views

WordPress plugin Starbox security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

CVSS 4.3 · AI score 7 · EPSS 0.0032
Exploits: 0 · References: 4

Positive Technologies
added 2024/02/05 12:00 a.m. · 3 views

PT-2024-15501 · WordPress · The Starbox – The Author Box For Humans

Name of the Vulnerable Software and Affected Versions: The Starbox – the Author Box for Humans plugin for WordPress versions up to, and including, 3.4.7 Description: The issue is related to Insecure Direct Object Reference, which allows subscribers to view plugin preferences and potentially other...

CVSS 4.3 · AI score 5.4 · EPSS 0.0032
Exploits: 0 · References: 7

WPVulnDB
added 2024/01/31 12:00 a.m. · 17 views

Starbox < 3.4.8 - Subscriber+ Plugin Preferences / User Settings Access via IDOR

Description The plugin is vulnerable to Insecure Direct Object Reference via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings...

CVSS 4 · AI score 6.7 · EPSS 0.0032
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2024/01/29 2:15 p.m. · 11 views

CVE-2024-23747

The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference IDOR vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter...

CVSS 7.5 · AI score 7.5 · EPSS 0.00983
Exploits: 1 · References: 2

Prion
added 2024/01/29 2:15 p.m. · 14 views

Security feature bypass

The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference IDOR vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter...

CVSS 5 · AI score 7.1 · EPSS 0.00983
Exploits: 1 · References: 2

Vulnrichment
added 2024/01/29 12:00 a.m. · 3 views

CVE-2024-23747

The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference IDOR vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter...

AI score 7.1 · EPSS 0.00983
Exploits: 1 · References: 2

WPVulnDB
added 2024/01/24 12:00 a.m. · 14 views

Contact Form builder with drag & drop - Kali Forms < 2.3.37 - Insecure Direct Object Reference

Description The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.3.38 due to missing validation on a user controlled key. This makes it possible for unauthenticated...

CVSS 8.1 · AI score 7.9 · EPSS 0.001
Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB
added 2024/01/18 12:00 a.m. · 8 views

Display custom fields in the frontend – Post and User Profile Fields < 1.3.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Meta Disclosure

Description The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vgdisplaydata shortcode due to missing validation on a user controlled key. This makes it...

CVSS 4.3 · AI score 6.6 · EPSS 0.00247
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/01/17 7:15 p.m. · 0 views

CVE-2023-7031

Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end ...

CVSS 4.3 · AI score 5.8
Exploits: 0 · References: 1

CVE
added 2024/01/17 6:34 p.m. · 52 views

CVE-2023-7031

CVE-2023-7031 : Insecure Direct Object Reference in Avaya Aura Experience Portal Manager allows partial information disclosure to an authenticated non-privileged user. Affected: Avaya Aura Experience Portal Manager versions 8.0.x and 8.1.x prior to 8.1.2 patch 0402; versions prior to 8.0 are end ...

CVSS 5.7 · AI score 4.5 · EPSS 0.00072
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/01/17 12:00 a.m. · 3 views

PT-2024-15184 · Avaya · Avaya Aura Experience Portal Manager

Name of the Vulnerable Software and Affected Versions: Avaya Aura Experience Portal Manager versions 8.0.x through 8.1.x prior to 8.1.2 patch 0402 Avaya Aura Experience Portal Manager versions prior to 8.0 Description: Insecure Direct Object Reference vulnerabilities were discovered in the Avaya...

CVSS 5.7 · AI score 4.5 · EPSS 0.00072
Exploits: 0 · References: 4

Hacker One
added 2024/01/16 8:17 p.m. · 3 views

MTN Group: Insecure direct Object Reference (Horizontal Escalation)

The vulnerability allowed for insecure direct object reference horizontal escalation. Specifically, the user's dashboard was accessed without authentication, and the text content was modified through client-side inspection and manipulation...

AI score 7.1
Exploits: 0

Veracode
added 2024/01/15 6:40 a.m. · 16 views

Insecure Direct Object Reference

nextjs is vulnerable to Insecure Direct Object Reference Vulnerability. The vulnerability is due to a logical flaw within the auth function in the App Router, and getAuth within the Pages Router. This issue can be exploited by an attacker to gain unauthorized access or conduct privilege escalatio...

CVSS 9.8 · AI score 7 · EPSS 0.00264
Exploits: 0 · References: 4 · Affected Software: 1