4466 matches found
CVE-2025-13157
The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.7 via the 'qodewishlistforwoocommercewishlisttableitemcallback' function due to missing validation on a user controlled key. This makes it possible fo...
EUVD-2025-199804
The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.7 via the 'qodewishlistforwoocommercewishlisttableitemcallback' function due to missing validation on a user controlled key. This makes it possible fo...
CVE-2025-13157
The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.7 via the 'qodewishlistforwoocommercewishlisttableitemcallback' function due to missing validation on a user controlled key. This makes it possible fo...
CVE-2025-13157
CVE-2025-13157 concerns the QODE Wishlist for WooCommerce plugin (WordPress). Some versions up to 1.2.7 are vulnerable to an Insecure Direct Object Reference due to missing validation in the wishlist_table_item_callback, allowing unauthenticated attackers to update the public view of arbitrary wi...
CVE-2025-13157 QODE Wishlist for WooCommerce <= 1.2.7 - Unauthenticated Insecure Direct Object Reference to Wishlist Update
The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.7 via the 'qodewishlistforwoocommercewishlisttableitemcallback' function due to missing validation on a user controlled key. This makes it possible fo...
CVE-2025-13157 QODE Wishlist for WooCommerce <= 1.2.7 - Unauthenticated Insecure Direct Object Reference to Wishlist Update
The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.7 via the 'qodewishlistforwoocommercewishlisttableitemcallback' function due to missing validation on a user controlled key. This makes it possible fo...
Online Shopping Portal Insecure Direct Object Reference Vulnerability
Online Shopping Portal is an online store. Online Shopping Portal suffers from an insecure direct object reference vulnerability, which stems from the order tracking functionality not properly implementing an access control mechanism that directly references data sent from the client as an object...
WordPress Frontend File Manager Plugin Insecure Direct Object Reference Vulnerability
WordPress Frontend File Manager Plugin is a plugin that allows users to upload, manage and share files through a frontend interface that supports secure storage and permission control. WordPress Frontend File Manager Plugin suffers from an insecure direct object reference vulnerability that stems...
PT-2025-48239
The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.7 via the 'qode wishlist for woocommerce wishlist table item callback' function due to missing validation on a user controlled key. This makes it...
EUVD-2025-199756
An Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts t...
EUVD-2025-199752
Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows unauthorized share and invite access to course settings...
CVE-2025-65670
An Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts t...
CVE-2025-65672
Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows unauthorized share and invite access to course settings...
CVE-2025-65672
Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows unauthorized share and invite access to course settings...
CVE-2025-12766
An Insecure Direct Object Reference IDOR vulnerability in the Management Console of BlackBerry® AtHoc® OnPrem version 7.21 could allow an attacker to potentially gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System IWS...
CVE-2025-12040
The Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.3 via several functions in class-th-wishlist-frontend.php due to missing validation on a user controlled key. This makes it possible for unauthenticated...
CVE-2025-65647
Insecure Direct Object Reference IDOR in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter...
CVE-2025-65672
Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows unauthorized share and invite access to course settings...
PT-2025-48174
Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows unauthorized share and invite access to course settings...
CVE-2025-65672
CVE-2025-65672 concerns an insecure direct object reference (IDOR) in ClassroomIO 0.1.13, enabling unauthorized sharing and inviting access to course settings. Connected sources consistently describe the root cause as broken access control with IDOR, allowing a student‑level user to manipulate co...