Lucene search
K

95 matches found

NVD
NVD
added 3 days ago6 views

CVE-2026-10041

The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.27 via the wcfmproductarchive due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS0.0025EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-12433

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS5.9AI score0.00435EPSS
Exploits0References11
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-12418 User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.7 - Insecure Direct Object Reference to Unauthenticated Arbitrary Post Modification via 'wpuf_files_data' Parameter

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.7 via the 'wpuffilesdata' parameter due to missing validation on a user controll...

5.3CVSS0.00243EPSS
Exploits0References8
CVE
CVE
added 6 days ago10 views

CVE-2026-3688

The CVE concerns the WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress. Affected: all versions up to 2.11.10. Root cause: the wcfmvm_membership_change AJAX action does not validate a user’s permission to modify other users, enabling an authenticated vendor...

8.1CVSS5.9AI score0.00223EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/01 10:31 a.m.10 views

WordPress LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin <= 4.3.9.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Disclosure vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Sensitive Information Disclosure vulnerability discovered by javitoia in WordPress Plugin LearnPress versions = 4.3.9.1...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/29 5:14 p.m.12 views

CVE-2026-56780

Modoboa prior to version 2.9.0 contains an insecure direct object reference in the PUT /api/v1/accounts/{pk}/password/ API. This flaw allows domain administrators to bypass object‑level access controls and change any user’s password, enabling full account takeover by resetting superadmin password...

7.7CVSS5.8AI score0.00265EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 7:21 p.m.17 views

CVE-2026-55583 Twenty: Cross-workspace IDOR in AgentTurnResolver

Twenty is an open-source CRM customer relationship management platform. Prior to 2.9.0, Twenty was vulnerable to a cross-workspace insecure direct object reference IDOR in the AI agent monitor's AgentTurnResolver, in packages/twenty-server/src/engine/metadata-modules/ai/ai-agent-monitor/reso...

7.6CVSS0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 12:13 p.m.4 views

CVE-2026-56784 OpenRemote < 1.25.0 IDOR via Bulk Alarm Deletion Endpoint

OpenRemote before 1.25.0 contains an insecure direct object reference IDOR vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms belonging to other tenants by supplying arbitrary alarm IDs. The removeAlarms method in AlarmResourceImpl.java...

8.6CVSS6AI score0.00258EPSS
Exploits0References2
CVE
CVE
added 2026/06/02 10:22 p.m.27 views

CVE-2026-31942

LibreChat (up to version 0.7.6) is affected by an Insecure Direct Object Reference (IDOR) in the API keys management endpoint (PUT /api/keys). After setting the authenticated user’s ID, an attacker can inject a userId parameter in the request body to overwrite other users’ API keys (e.g., OpenAI,...

7.1CVSS5.8AI score0.00206EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 2:17 p.m.17 views

praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary Type: Insecure Direct Object Reference. The project CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/projects/projectid and GET .../projectid/stats gate access on requireworkspacememberworkspaceid only, then resolve projectid through ProjectService.getprojectid / updateprojecti...

5.8AI score0.00032EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/30 2:12 a.m.13 views

CVE-2026-35671

phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with low-privilege admin credentials can escalate to...

8.8CVSS5.8AI score0.00303EPSS
Exploits0References1
Veracode
Veracode
added 2026/05/16 5:48 a.m.14 views

Improper Access Control

getgrav/grav-plugin-api is vulnerable to Improper Access Control. The vulnerability is due to an insecure direct object reference and flawed permission update logic in UsersController::update, which allows an attacker to escalate privileges to Super Administrator and gain full system access...

8.8CVSS5.8AI score0.0035EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.18 views

PT-2026-40580

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the get course id by function unconditionally trusting the user-supplied course GET parameter as the authoritative cour...

5.3CVSS5.7AI score0.00304EPSS
Exploits0References53
Cvelist
Cvelist
added 2026/05/06 5:10 p.m.34 views

CVE-2026-20219

A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed...

5.4CVSS0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.8 views

CVE-2026-7638

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to missing authorization validation in the uploadavatar function, which accepts an attacker-controlled...

5.3CVSS5.9AI score0.00306EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 5:29 a.m.7 views

CVE-2026-6810

The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the dexbccfadminintcalendarlist.inc.php file due to missing validation on a user controlled key. This makes it possible for authenticated...

5.3CVSS5.7AI score0.0033EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.9 views

PT-2026-34857

The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the dex bccf admin int calendar list.inc.php file due to missing validation on a user controlled key. This makes it possible for authenticated...

5.3CVSS5.7AI score0.0033EPSS
Exploits0References10
Patchstack
Patchstack
added 2026/04/23 4:30 p.m.7 views

WordPress Booking Calendar Contact Form plugin <= 1.2.63 - Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Calendar Takeover vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Booking Calendar Contact Form versions = 1.2.63...

5.3CVSS5.8AI score0.0033EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.11 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from an insecure direct object reference in the plugin/Live/view/Liverestreams/list.json.php endpoint...

6.5CVSS5.8AI score0.00269EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/08 7:43 a.m.22 views

CVE-2026-4330 Blog2Social: Social Media Auto Post & Scheduler <= 8.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to the plugin's AJAX handlers failing to validate that the user-supplied 'b2sid' parameter belongs to...

4.3CVSS0.00542EPSS
Exploits0References16
Rows per page
Query Builder