2 matches found
CVE-2026-8611 Klamra Paycal for Aspaclaria <= 1.1.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Exposure via 'invoice_id' Parameter
The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoiceid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
GHSA-PMC7-HMMW-G96Q Bagisto vulnerable to Insecure Direct Object Reference (IDOR)
Insecure Direct Object Reference IDOR in Bagisto v.1.5.0 allows an attacker to obtain sensitive information via the invoice ID parameter...