Lucene search
K

4633 matches found

Cvelist
Cvelist
added 8 hours ago7 views

CVE-2026-11580 Kali Forms < 2.4.17 - Contributor+ Arbitrary Post Metadata Disclosure via IDOR

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not perform a per-object capability check in its post-duplication AJAX action, allowing users with Contributor-level access or above to duplicate any post regardless of owner, post type, or status into a...

Exploits0References1
Nuclei
Nuclei
added 10 hours ago14 views

Masteriyo LMS <= 1.7.3 - Insecure Direct Object Reference

Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3. id: CVE-2024-33939 info: name: Masteriyo LMS = 1.7.3 - Insecure Direct Object Reference author:...

5.3CVSS6.1AI score0.00843EPSS
Exploits0References2
Nuclei
Nuclei
added 10 hours ago20 views

Danswer - Insecure Direct Object Reference

The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/fileid interface to view any user's file. id: CVE-2024-9617 info: name: Danswer - Insecure Direct Object Reference author: s4e-io severity: medium...

6.5CVSS6.6AI score0.01557EPSS
Exploits0
CVE
CVE
added yesterday6 views

CVE-2026-15058

CVE-2026-15058 concerns Devolutions Server (versions 2026.2.11 and 2026.1.22) with an improper authorization flaw in the secure messages deletion endpoint. An authenticated user can delete another user’s messages by manipulating a direct object reference to the message identifier. The connected d...

6.1AI score
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-15637

The CVE-2026-15637 entry concerns Devolutions Server (versions 2026.2.11 and 2026.1.22) with improper authorization in the PAM SSH key and certificate retrieval endpoints. An authenticated, low-privileged user can disclose the private key of an SSH key or certificate PAM credential via a direct o...

6.1AI score
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-61971 WordPress User Profile Picture plugin <= 2.6.3 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Profile Picture: from n/a through = 2.6.3...

2.7CVSS0.00192EPSS
Exploits0References1
CVE
CVE
added 2 days ago10 views

CVE-2026-61971

The CVE covers the WordPress plugin Metronet Profile Picture (Cozmoslabs User Profile Picture) insecure direct object references affecting versions

2.7CVSS6.1AI score0.00192EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-12271

The CVE describes a vulnerability in the Tutor LMS WordPress plugin prior to 3.9.13 where the system does not verify ownership of the targeted quiz attempt before writing to it. This allows authenticated users with subscriber-level access and above to modify and force-complete other students’ qui...

5.4CVSS6.1AI score0.0017EPSS
Exploits0References1
Patchstack
Patchstack
added 2 days ago4 views

WordPress Academy LMS plugin <= 3.8.0 - Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference vulnerability discovered by sorawautsukushiii in WordPress Plugin Academy LMS versions = 3.8.0...

4.3CVSS6.1AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-10041 WCFM – Frontend Manager for WooCommerce <= 6.7.27 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Vendor Data Manipulation via Multiple AJAX Handlers

The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.27 via the wcfmproductarchive due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS0.0025EPSS
Exploits0References12
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-43162

The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.27 via the wcfmproductarchive due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS6.2AI score0.0025EPSS
Exploits0References12
CVE
CVE
added 4 days ago14 views

CVE-2026-10041

The CVE-2026-10041 entry concerns the WCFM – Frontend Manager for WooCommerce WordPress plugin (versions

4.3CVSS6.2AI score0.0025EPSS
Exploits0References12
Cvelist
Cvelist
added 4 days ago28 views

CVE-2026-13116 PDF Invoices & Packing Slips for WooCommerce <= 5.14.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via 'order_id' Shortcode Attribute

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.14.0 via the generatedocumentshortcode due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS0.00223EPSS
Exploits0References8
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43138

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.14.0 via the generatedocumentshortcode due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS6.1AI score0.00223EPSS
Exploits0References8
CVE
CVE
added 4 days ago11 views

CVE-2026-13116

CVE-2026-13116 affects the PDF Invoices & Packing Slips for WooCommerce plugin (WordPress) ≤ 5.14.0. Issue: Insecure Direct Object Reference via generate_document_shortcode caused by missing validation on a user-controlled key. Consequence: authenticated attackers with contributor+ access can min...

4.3CVSS6.1AI score0.00223EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 4 days ago11 views

PT-2026-57388

Name of the Vulnerable Software and Affected Versions PDF Invoices & Packing Slips for WooCommerce versions prior to 5.14.1 Description An Insecure Direct Object Reference IDOR exists in the generate document shortcode function due to missing validation on a user-controlled key. Authenticated...

4.3CVSS6.1AI score0.00223EPSS
Exploits0References11
CVE
CVE
added 5 days ago13 views

CVE-2026-13232

This CVE concerns Drupal Advanced Content Feedback (admin_feedback). Affected: versions 0.0.0–2.8.0. Root cause: incorrect authorization, failing to sufficiently verify authorization over the targeted feedback record during comment processing. Impact: potential access bypass/IDOR, enabling forcef...

3.1CVSS6.1AI score0.00162EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-61460

Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows authenticated users to edit, update, or delete records owned by other users. Attackers can modify CR...

8.8CVSS0.0028EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-59190 Grav Admin Plugin — IDOR Privilege Escalation via saveUser()

grav-plugin-admin is an HTML user interface that provides a way to configure Grav and create and modify pages. In 1.10.52 and earlier, an authenticated attacker with admin.users permission can change the password of any user account, including the super administrator, by sending a direct POST...

8.7CVSS0.00215EPSS
Exploits0References2
NVD
NVD
added 5 days ago8 views

CVE-2026-41878

R-SOFT DMS is vulnerable to Insecure Direct Object Reference IDOR attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever requests them, relying only on session authentication, meaning any valid user can access any file. This...

7.1CVSS0.0047EPSS
Exploits0References1
Rows per page
Query Builder