WordPress WP Job Portal plugin <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion vulnerability

Insecure Direct Object Reference to Authenticated Employer+ Arbitrary Job Deletion vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions = 2.2.6...

WordPress Return Refund and Exchange For WooCommerce plugin <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Refund Request Cancellation vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Refund Request Cancellation vulnerability discovered by Powpy in WordPress Plugin Return Refund and Exchange For WooCommerce versions = 4.5.5...

WordPress WPBookit plugin <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update vulnerability

Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update vulnerability discovered by kr0d in WordPress Plugin WPBookit versions = 1.0.2...

WordPress WordPress Simple PayPal Shopping Cart plugin <= 5.1.3 - Insecure Direct Object Reference via 'quantity' vulnerability

Insecure Direct Object Reference via 'quantity' vulnerability discovered by Jack Taylor in WordPress Plugin Simple Shopping Cart versions = 5.1.3...

CVE-2025-68997 WordPress wpDiscuz plugin <= 7.6.43 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through = 7.6.43...

CVE-2025-68502 WordPress JetPopup plugin <= 2.0.20.1 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Crocoblock JetPopup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetPopup: from n/a through 2.0.20.1...

Insecure Direct Object Reference (IDOR) in LollMS Friend Request Response

Executive Summary A critical security vulnerability has been identified in LollMS that allows any authenticated user to accept or reject friend requests belonging to other users. The respondrequest function lacks authorization checks, enabling Insecure Direct Object Reference IDOR attacks. Affect...

hacker-man

Hacker Man - Vulnerable Web Applications Lab A collection of...

WordPress wpDiscuz plugin <= 7.6.43 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Doan Dinh Van in WordPress Plugin wpDiscuz versions = 7.6.43...

SUSE CVE-2023-54035

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix underflow in chain reference counter Set element addition error path decrements reference counter on chains twice: once on element release and again via nftdatarelease. Then, d6b478666ffa "netfilter:...

Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie

Exploit Title: Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie Date: 19-12-2025 Exploit Author: Karuppiah Sabari Kumar0xsabre Vendor Homepage: https://wordpress.org/plugins/chained-quiz/ Software Link: https://downloads.wordpress.org/plugin/chained-quiz.1.3.3.zip...

CVE-2019-25239

V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve sensitive configuration data by sending HTTP GET requests to the usrcfg.conf endpoint,...

CVE-2019-25239 V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download

V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve sensitive configuration data by sending HTTP GET requests to the usrcfg.conf endpoint,...

CVE-2018-25129 SOCA Access Control System 180612 Information Disclosure via Multiple Endpoints

SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and pins through unprotected endpoints like...

CVE-2018-25129

CVE-2018-25129 affects the SOCA Access Control System (version 180612). The issue is insecure direct object references that allow access to sensitive credentials via unprotected endpoints Get_Permissions_From_DB.php and Ac10_ReadSortCard, enabling retrieval of password hashes and pins. Affected c...

CVE-2023-54035

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix underflow in chain reference counter Set element addition error path decrements reference counter on chains twice: once on element release and again via nftdatarelease. Then, d6b478666ffa "netfilter:...

UBUNTU-CVE-2023-54035

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix underflow in chain reference counter Set element addition error path decrements reference counter on chains twice: once on element release and again via nftdatarelease. Then, d6b478666ffa "netfilter:...

SOCA Access Control System 安全漏洞

SOCA Access Control System is an access control system from China's Sunchem SOCA. A security vulnerability exists in SOCA Access Control System version 180612, which stems from an insecure direct object reference that could lead to the disclosure of sensitive credentials...

WordPress WP JobHunt plugin <= 7.7 - Authenticated (Candidate+) Insecure Direct Object Reference vulnerability

Authenticated Candidate+ Insecure Direct Object Reference vulnerability discovered by meghnine islem - CYBEARS in WordPress Plugin WP JobHunt versions = 7.7...

EUVD-2023-60244

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the vulnerability by manipulating user-supplied input to execute privileged functionalities without...