4471 matches found
CVE-2025-5816
CVE-2025-5816 affects the WordPress plugin “Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship” (Biteship) up to version 3.2.0. The root cause is an Insecure Direct Object Reference via get_order_detail(), caused by a missing validation on a user-controlled key. This allows aut...
CVE-2025-5816 Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship <= 3.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) View Order Tracking Details
The Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.0 via the getorderdetail due to missing validation on a user controlled key. This makes it possible for...
PT-2025-29987 · WordPress · Plugin Pengiriman Woocommerce Kurir Reguler
Name of the Vulnerable Software and Affected Versions: Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship versions through 3.2.0 Description: The Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship for WordPress is susceptible to an Insecure Direct Object...
SingleStore: IDOR - Scheduled data leak to other accounts By "projectID"
The Insecure Direct Object Reference IDOR vulnerability was discovered in the GetNotebookScheduledPaginatedJobs endpoint on backend.singlestore.com. The API failed to verify the requestor's permission to access the specified project, allowing an authenticated user to access scheduled job...
CVE-2025-52920
Innoshop through 0.4.1 allows Insecure Direct Object Reference IDOR at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...
CVE-2025-50693
PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference IDOR in odms/request-details.php...
CVE-2025-50693
PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference IDOR in odms/request-details.php...
PHPGurukul Online DJ Booking Management System 安全漏洞
PHPGurukul Online DJ Booking Management System is an online DJ booking management system from PHPGurukul Inc. A security vulnerability exists in version 2.0 of the PHPGurukul Online DJ Booking Management System due to an insecure direct object reference in odms/request-details.php...
CVE-2025-50693
PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference IDOR in odms/request-details.php...
CVE-2025-50693
PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference IDOR in odms/request-details.php...
CVE-2025-50693
The CVE-2025-50693 entry applies to PHPGurukul Online DJ Booking Management System 2.0, with an Insecure Direct Object Reference (IDOR) in odms/request-details.php. The root cause is IDOR allowing access to potentially sensitive information (impact: confidentiality – None, integrity – Low, availa...
PT-2025-26752 · Unknown · Phpgurukul Online Dj Booking Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online DJ Booking Management System version 2.0 Description: The issue is related to Insecure Direct Object Reference IDOR in the odms/request-details.php file. This could potentially allow unauthorized access to sensitive...
CVE-2025-52920
Innoshop through 0.4.1 allows Insecure Direct Object Reference IDOR at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...
CVE-2025-52920
Innoshop through 0.4.1 allows Insecure Direct Object Reference IDOR at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...
CVE-2025-52920
Innoshop through 0.4.1 allows Insecure Direct Object Reference IDOR at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...
CVE-2025-52920
Innoshop (v0.4.1 and earlier) is affected by an IDOR vulnerability in the frontend store. The issue allows disclosure of other customers’ PII and deletion of their product reviews by manipulating IDs in endpoints such as /en/account/orders/{ORDER_ID} and /en/account/reviews/{REVIEW_ID}, or by alt...
PT-2025-26591 · Innoshop · Innoshop
Name of the Vulnerable Software and Affected Versions: Innoshop versions 0.4.1 and earlier Description: The issue allows for Insecure Direct Object Reference IDOR at multiple places within the frontend shop. This can be exploited by creating a customer account, allowing an attacker to disclose th...
Dmacroweb DM Corporative CMS Insecure Direct Elephant Reference Vulnerability (CNVD-2025-14361)
Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which originates from the parameter option in the file /administer/selectionnode/selection.asp that fails to...
Dmacroweb DM Corporative CMS Insecure Direct Elephant Reference Vulnerability (CNVD-2025-14359)
Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which stems from the failure of the option parameter in the file /administer/selectionnode/framesSelection.a...
CVE-2025-40661
An Insecure Direct Object Reference IDOR vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/selection.asp...