CVE-2024-13457 Event Tickets <= 5.18.1 - Insecure Direct Object Reference to Sensitive Information Exposure

The Event Tickets and Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.18.1 via the tc-order-id parameter due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view ord...

CVE-2024-56404

In One Identity Identity Manager 9.x before 9.3, an insecure direct object reference IDOR vulnerability allows privilege escalation. Only On-Premise installations are affected...

CVE-2024-56404

CVE-2024-56404 – One Identity Identity Manager : Affects One Identity Identity Manager 9.x before 9.3 (On-Premise). The issue is an insecure direct object reference (IDOR) that enables privilege escalation. Reported CVSSv3.1 base score 9.9 (CRITICAL) with network attack vector, low attack complex...

Insecure Direct Object Reference (IDOR)

Khoj is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to the improper implementation of access controls in the updatesubscription endpoint, where the system fails to enforce authorization checks to ensure that only the owner of a subscription can modify it, allowin...

CVE-2024-12131

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user controlled key. This makes it possible for authenticated...

CVE-2024-12131

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user controlled key. This makes it possible for authenticated...

CVE-2024-12131 WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.5- Authenticated (Subscriber+) Insecure Direct Object Reference

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user controlled key. This makes it possible for authenticated...

CVE-2024-12131 WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.5- Authenticated (Subscriber+) Insecure Direct Object Reference

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user controlled key. This makes it possible for authenticated...

CVE-2024-12131

CVE-2024-12131 affects the WordPress plugin “WP Job Portal – A Complete Recruitment System for Company or Job Board website” (WordPress plugin). The issue is an Insecure Direct Object Reference caused by missing validation on a user-controlled key, enabling authenticated attackers with Subscriber...

WordPress plugin WP Job Portal 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-1760 · WordPress · Wp Job Portal

Name of the Vulnerable Software and Affected Versions: WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress versions up to, and including, 2.2.5 Description: The issue is related to Insecure Direct Object Reference due to missing validation on a user...

WordPress Themes Coder plugin <= 1.3.4 - Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation vulnerability

Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Themes Coder versions = 1.3.4...

CVE-2024-12132

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4 due to missing validation on a user controlled key. This makes it possible for authenticated...

CVE-2024-12132

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4 due to missing validation on a user controlled key. This makes it possible for authenticated...

CVE-2024-12132

CVE-2024-12132 - WP Job Portal (WordPress) vulnerability : The WP Job Portal – A Complete Recruitment System plugin for WordPress is vulnerable to insecure direct object references in all versions up to 2.2.4 due to missing validation on a user-controlled key. This enables authenticated attackers...

CVE-2024-12132 WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4 due to missing validation on a user controlled key. This makes it possible for authenticated...

CVE-2024-12132 WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4 due to missing validation on a user controlled key. This makes it possible for authenticated...

WordPress plugin WP Job Portal 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress WP Job Portal plugin <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference vulnerability discovered by Apostolos Sakellariou in WordPress Plugin WP Job Portal versions = 2.2.4...

Insecure Direct Object Reference (IDOR)

Oqtane Framework is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to insufficient access control. Specifically, the application does not properly validate or restrict a user's access to resources based on their identity, allowing them to manipulate parameters like...