4469 matches found
CVE-2025-39434 WordPress Avatar plugin <= 0.1.4 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Scott Taylor Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Avatar: from n/a through 0.1.4...
CVE-2025-3575
Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/establecerUsuarioSeleccion" endpoint...
CVE-2025-3574
Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/obtenerFamiliaUsuario" endpoint...
ProConf 6.0 - Insecure Direct Object Reference (IDOR)
Exploit Title: ProConf 6.0 - Insecure Direct Object Reference IDOR Date: 19/07/2018 Exploit Author: S. M. Zia Ur Rashid, SC Author Contact: https://www.linkedin.com/in/ziaurrashid/ Vendor Homepage: http://proconf.org & http://myproconf.org Version:...
CVE-2025-3574
Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/obtenerFamiliaUsuario" endpoint...
CVE-2025-3575
Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/establecerUsuarioSeleccion" endpoint...
CVE-2025-3575 Insecure Direct Object Reference en Deporsite de T-INNOVA
Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/establecerUsuarioSeleccion" endpoint...
CVE-2025-3575 Insecure Direct Object Reference en Deporsite de T-INNOVA
Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/establecerUsuarioSeleccion" endpoint...
CVE-2025-3575
CVE-2025-3575 affects Deporsite from T-INNOVA. The vulnerability is an Insecure Direct Object Reference allowing an attacker to retrieve sensitive information from other users through the idUsuario parameter at /helper/Familia/establecerUsuarioSeleccion. The CVE entry notes a high impact with CVS...
CVE-2025-3574 Insecure Direct Object Reference on Deporsite by T-INNOVA
Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/obtenerFamiliaUsuario" endpoint...
CVE-2025-3574 Insecure Direct Object Reference on Deporsite by T-INNOVA
Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/obtenerFamiliaUsuario" endpoint...
CVE-2025-3574
CVE-2025-3574 —Insecure Direct Object Reference in Deporsite (T-INNOVA). An attacker can retrieve another user’s sensitive information by manipulating the idUsuario parameter of the /helper/Familia/obtenerFamiliaUsuario endpoint. Root cause: improper access control on user data access. Documented...
CVE-2025-3292
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationupdateprofiledetails due to missing validation on the 'userid' use...
CVE-2025-3282
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationmembershipregistermember due to missing validation on the...
CVE-2025-32367
The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used for both the unpatched and patched versions...
CVE-2025-3282
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationmembershipregistermember due to missing validation on the...
CVE-2025-3282
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationmembershipregistermember due to missing validation on the...
CVE-2025-3292
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationupdateprofiledetails due to missing validation on the 'userid' use...
CVE-2025-3282
CVE-2025-3282 affects the WordPress plugin User Registration & Membership – Custom Registration Form, Login Form, and User Profile . The flaw is an Insecure Direct Object Reference via the missing validation of the but publicly controllable key membership_id, enabling unauthenticated attackers to...
CVE-2025-3282 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationmembershipregistermember due to missing validation on the...