Lucene search
K

3514 matches found

Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.23 views

PT-2026-51099

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.2 Description An Insecure Direct Object Reference IDOR issue exists in the /api/v1/responses endpoint. This occurs because the get flow by id or endpoint name function retrieves flows by UUID from the database...

8.4CVSS6.2AI score0.00438EPSS
Exploits2References49
EUVD
EUVD
added 2026/06/18 6:50 a.m.10 views

EUVD-2026-37860

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the 'userid' parameter due to missing validation on a user controlled key...

2.7CVSS5.4AI score0.0028EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/06/18 6:50 a.m.27 views

CVE-2026-12102 UsersWP <= 1.2.63 - Insecure Direct Object Reference to Authenticated (Editor+) Arbitrary User Avatar/Banner Reset via 'user_id' Parameter

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the 'userid' parameter due to missing validation on a user controlled key...

2.7CVSS0.0028EPSS
Exploits0References12
CVE
CVE
added 2026/06/18 6:50 a.m.20 views

CVE-2026-12102

Affected software: WordPress plugin UsersWP (Front-end login, registration, profile, members directory) up to version 1.2.63. Vulnerability: Insecure Direct Object Reference via the user_id parameter due to missing validation on a user-controlled key in uwp_usermeta, enabling an authenticated att...

2.7CVSS5.5AI score0.0028EPSS
Exploits0References12
EUVD
EUVD
added 2026/06/18 5:34 a.m.11 views

EUVD-2026-37845

The PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.3.0 via the 'ruleid' parameter due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS5.1AI score0.0026EPSS
Exploits0References16
CVE
CVE
added 2026/06/18 5:34 a.m.18 views

CVE-2026-10623

The CVE-2026-10623 entry concerns the WordPress plugin PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin. Affected versions are all up to and including 2.3.0, with an Insecure Direct Object Reference via the 'rule_id' parameter caused by missing validation on a user-controlle...

4.3CVSS5.2AI score0.0026EPSS
Exploits0References16
Cvelist
Cvelist
added 2026/06/18 5:34 a.m.25 views

CVE-2026-10623 PressPrimer Quiz <= 2.3.0 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Modification via 'quiz_id', 'item_id', and 'rule_id' Parameters

The PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.3.0 via the 'ruleid' parameter due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS0.0026EPSS
Exploits0References16
NVD
NVD
added 2026/06/18 4:16 a.m.14 views

CVE-2026-10023

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via the changeorderstatus, addordernote, deleteordernote,...

4.3CVSS0.0025EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/18 3:41 a.m.10 views

EUVD-2026-37835

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via the changeorderstatus, addordernote, deleteordernote,...

4.3CVSS5.6AI score0.0025EPSS
Exploits0References10
NVD
NVD
added 2026/06/17 11:17 p.m.13 views

CVE-2026-48759

TypeBot is a chatbot builder tool. Versions 3.15.2 and below have an Insecure Direct Object Reference vulnerability through cross-workspace Theme Template modification and deletion. The handleSaveThemeTemplate and handleDeleteThemeTemplate handlers validate that the authenticated user is a...

7.1CVSS0.00202EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 9:56 p.m.21 views

CVE-2026-48759 TypeBot: Cross-Workspace Theme Template IDOR (Modification and Deletion)

TypeBot is a chatbot builder tool. Versions 3.15.2 and below have an Insecure Direct Object Reference vulnerability through cross-workspace Theme Template modification and deletion. The handleSaveThemeTemplate and handleDeleteThemeTemplate handlers validate that the authenticated user is a...

7.1CVSS0.00202EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2026-37629

Unauthenticated Insecure Direct Object References IDOR in Clean Login = 1.15 versions...

8.2CVSS5.3AI score0.00261EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/17 4:50 p.m.8 views

WordPress PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin <= 2.3.0 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Modification vulnerability

Insecure Direct Object Reference to Authenticated Custom+ Arbitrary Modification vulnerability discovered by Truong Tran in WordPress Plugin PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin versions = 2.3.0...

4.3CVSS5.3AI score0.0026EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/17 2:54 p.m.8 views

WordPress Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin <= 5.0.3 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Order Modification vulnerability

Insecure Direct Object Reference to Authenticated Custom+ Arbitrary Order Modification vulnerability discovered by Kirasec in WordPress Plugin Dokan versions = 5.0.3...

4.3CVSS5.3AI score0.0025EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/17 2:17 p.m.9 views

CVE-2025-15657

Unauthenticated Insecure Direct Object References IDOR in School Management = 93.1.0 versions...

5.3CVSS0.00228EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50564

Name of the Vulnerable Software and Affected Versions TypeBot versions prior to 3.16.0 Steeltoe affected versions not specified Description TypeBot contains an Insecure Direct Object Reference IDOR issue—a flaw where an application provides direct access to objects based on user-supplied...

7.1CVSS5.2AI score0.00202EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/16 4:30 a.m.11 views

EUVD-2026-37034

The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to the staticblockcontent shortcode handler retrieving a post via getpost using an attacker-supplied 'id' attribute and outputting its postcontent without...

4.3CVSS5.4AI score0.00211EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/16 4:30 a.m.29 views

CVE-2026-10780 Static Block <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode 'id' Attribute

The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to the staticblockcontent shortcode handler retrieving a post via getpost using an attacker-supplied 'id' attribute and outputting its postcontent without...

4.3CVSS0.00211EPSS
Exploits0References4
CVE
CVE
added 2026/06/16 4:30 a.m.10 views

CVE-2026-10780

CVE-2026-10780 affects the WordPress Static Block plugin (versions up to 2.2). The vulnerability is an Insecure Direct Object Reference in the static_block_content() shortcode handler, which retrieves a post with get_post() using an attacker-controlled id and outputs its post_content without vali...

4.3CVSS5.5AI score0.00211EPSS
Exploits0References4
NVD
NVD
added 2026/06/15 9:16 p.m.6 views

CVE-2026-39518

Subscriber Insecure Direct Object References IDOR in EventPrime = 4.3.0.0 versions...

7.1CVSS0.00278EPSS
Exploits0References1
Rows per page
Query Builder