4465 matches found

GithubExploit
added 2026/01/06 9:17 p.m., 152 views

Exploit for CVE-2025-12030

CVE-2025-12030: Insecure Direct Object Reference in ACF to RES...

6.1 AI score, 0.00289 EPSS
Exploits: 1

NVD
added 2026/01/06 4:15 p.m., 5 views

CVE-2020-36923

Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '//content-creation' by manipulating client-side access restrictions...

9.8 CVSS, 0.00924 EPSS
Exploits: 2, References: 9

OSV
added 2026/01/06 4:15 p.m., 6 views

CVE-2020-36923

Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '//content-creation' by manipulating client-side access restrictions...

6.9 CVSS, 5.8 AI score, 0.00924 EPSS
Exploits: 2, References: 9

CVE
added 2026/01/06 3:52 p.m., 11 views

CVE-2020-36923

Affected product: Sony BRAVIA Digital Signage 1.7.8. Vulnerability: insecure direct object reference (IDOR) that bypasses authorization controls to access hidden system resources (e.g., '/#/content-creation') by manipulating client-side access restrictions. Root cause: insufficient authorization ...

9.8 CVSS, 6.5 AI score, 0.00924 EPSS
Exploits: 2, References: 9, Affected Software: 1

Cvelist
added 2026/01/06 3:52 p.m., 26 views

CVE-2020-36923 Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR

Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '//content-creation' by manipulating client-side access restrictions...

9.8 CVSS, 0.00924 EPSS
Exploits: 2, References: 8

Vulnrichment
added 2026/01/06 3:52 p.m., 3 views

CVE-2020-36923 Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR

Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '//content-creation' by manipulating client-side access restrictions...

9.8 CVSS, 6.5 AI score, 0.00924 EPSS
Exploits: 2, References: 8

CNNVD
added 2026/01/06 12:0 a.m., 4 views

Sony BRAVIA Digital Signage security vulnerability

Sony BRAVIA Digital Signage is a digital signage system from Sony, Japan. A security vulnerability exists in Sony BRAVIA Digital Signage version 1.7.8, which stems from an insecure direct object reference vulnerability that could lead to bypassing authorization controls and accessing hidden syste...

9.8 CVSS, 6.7 AI score, 0.00924 EPSS
Exploits: 2, References: 9

Patchstack
added 2026/01/05 10:42 a.m., 7 views

WordPress Woffice Core plugin <= 5.4.30 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Woffice Core versions <= 5.4.30...

8.1 CVSS, 7 AI score, 0.0027 EPSS
Exploits: 0, Affected Software: 1

Cvelist
added 2026/01/05 10:40 a.m., 28 views

CVE-2025-68044 WordPress Five Star Restaurant Reservations plugin <= 2.7.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Five Star Restaurant Reservations (restaurant-reservations) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.4...

8.6 CVSS, 0.00229 EPSS
Exploits: 0, References: 1

CVE
added 2026/01/05 10:40 a.m., 13 views

CVE-2025-68044

CVE-2025-68044 affects Five Star Restaurant Reservations (WordPress Booking Plugin). Affected versions ≤ 2.7.4 expose an unauthenticated IDOR via a user-controlled key, enabling authorization bypass. Reported as Unauthenticated/IDOR with CVSS v3.1 base score 8.6 (HIGH); impact per the docs incl...

8.6 CVSS, 5.9 AI score, 0.00229 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/01/03 9:4 p.m., 15 views

CVE-2026-21447

Bagisto is an open source Laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order...

7.1 CVSS, 6.5 AI score, 0.00274 EPSS
Exploits: 1, References: 1

OSV
added 2026/01/02 10:50 p.m., 3 views

GHSA-X5RW-QVVP-5CGM Bagisto has IDOR in Customer Order Reorder Functionality

Summary: An Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order ID parameter. This exposes sensitive purchase information and enables...

7.1 CVSS, 6.5 AI score, 0.00274 EPSS
Exploits: 1, References: 4

Github Security Blog
added 2026/01/02 10:50 p.m., 10 views

Bagisto has IDOR in Customer Order Reorder Functionality

Summary: An Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order ID parameter. This exposes sensitive purchase information and enables...

7.1 CVSS, 6.6 AI score, 0.00274 EPSS
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2026/01/02 9:15 p.m., 6 views

CVE-2026-21447

Bagisto is an open source Laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order...

7.1 CVSS, 0.00274 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2026/01/02 8:15 p.m., 3 views

CVE-2026-21447 Bagisto has IDOR in Customer Order Reorder Functionality

Bagisto is an open source Laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order...

7.1 CVSS, 6.1 AI score, 0.00274 EPSS
Exploits: 1, References: 2

CVE
added 2026/01/02 8:15 p.m., 19 views

CVE-2026-21447

Bagisto (Laravel eCommerce) prior to version 2.3.10 is affected by an Insecure Direct Object Reference (IDOR) in the customer order reorder function. The root cause is that OrderController::reorder retrieves orders by ID without verifying ownership, allowing any authenticated customer to add item...

7.1 CVSS, 6.1 AI score, 0.00274 EPSS
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2026/01/02 8:15 p.m., 6 views

CVE-2026-21447 Bagisto has IDOR in Customer Order Reorder Functionality

Bagisto is an open source Laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order...

7.1 CVSS, 6.2 AI score, 0.00274 EPSS
Exploits: 1, References: 4

Patchstack
added 2026/01/02 3:1 p.m., 6 views

WordPress Verdure theme <= 1.6 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Verdure versions <= 1.6...

5.4 CVSS, 7 AI score, 0.00229 EPSS
Exploits: 0, Affected Software: 1

CNNVD
added 2026/01/02 12:0 a.m., 5 views

Webkul Software Bagisto security vulnerability

Webkul Software Bagisto is an open source e-commerce framework from Webkul Software, India. A security vulnerability exists in Webkul Software Bagisto versions prior to 2.3.10, which stems from an insecure direct object reference in the Customer Order Reorder feature, which could cause an...

7.1 CVSS, 6.3 AI score, 0.00274 EPSS
Exploits: 1, References: 3

CVE
added 2025/12/31 2:59 p.m., 9 views

CVE-2025-63053

CVE-2025-63053 affects Master Addons For Elementor – White Label, Free Widgets, Hover Effects, Conditions, & Animations. The issue is an Unauthenticated Insecure Direct Object Reference (IDOR) due to misconfigured access control, impacting Master Addons For Elementor versions up to 2.0.9.9.4. Wor...

5.3 CVSS, 5.9 AI score, 0.00203 EPSS
Exploits: 0, References: 1