Simbarashe Financial Services 2.9.0 Insecure Direct Object Reference

==================================================================================================================================== | Title : Simbarashe Financial Services v2.9.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bit...

SchoolPlus 1.0 Insecure Direct Object Reference

============================================================================================================================================= | Title : SchoolPlus v1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendor...

Authorization Bypass Through User-Controlled Key

Overview aimeos/ai-controller-frontend is an Aimeos business controller logic for frontend Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the account profile page. An attacker can manipulate account details and disable subscriptions an...

CVE-2024-39319

aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions...

CVE-2024-39319 aimeos/ai-controller-frontend has IDOR vulnerability in account profile page

aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions...

CVE-2024-39319

CVE-2024-39319 affects the aimeos/ai-controller-frontend frontend controller. The vulnerability is an insecure direct object reference (IDOR) that allows an attacker to disable subscriptions and reviews of another customer. Affected versions are prior to 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8,...

Aimeos frontend controller 安全漏洞

Aimeos frontend controller is an Aimeos open source frontend controller. Aimeos frontend controller has a security vulnerability that stems from an insecure direct object reference that could allow an attacker to disable the subscribe and comment functionality for other clients. The following...

PT-2024-28443 · Aimeos · Aimeos/Ai-Controller-Frontend

Name of the Vulnerable Software and Affected Versions: aimeos/ai-controller-frontend versions prior to 2024.4.2 aimeos/ai-controller-frontend versions prior to 2023.10.9 aimeos/ai-controller-frontend versions prior to 2022.10.8 aimeos/ai-controller-frontend versions prior to 2021.10.8...

CVE-2024-8290

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFMCustomersManageController::processing function due to missing validation...

CVE-2024-8290

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFMCustomersManageController::processing function due to missing validation...

CVE-2024-8290 WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.12 - Insecure Direct Object Reference to Account Takeover/Privilege Escalation

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFMCustomersManageController::processing function due to missing validation...

CVE-2024-8290 WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.12 - Insecure Direct Object Reference to Account Takeover/Privilege Escalation

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFMCustomersManageController::processing function due to missing validation...

CVE-2024-8290

CVE-2024-8290 affects the WCFM – Frontend Manager for WooCommerce with Bookings Subscription Listings Compatible (WordPress plugin) up to version 6.7.12. The vulnerability arises in WCFM_Customers_Manage_Controller::processing via an insecure object reference that lets authenticated subscribers (...

CVE-2024-7491

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woofmessengerremovesubscr AJAX action due to missing validation on the 'key' user controlled key. This makes it...

CVE-2024-7491 HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woofmessengerremovesubscr AJAX action due to missing validation on the 'key' user controlled key. This makes it...

CVE-2024-7491

The CVE-2024-7491 entry concerns HUSKY – Products Filter Professional for WooCommerce for WordPress. It is an Insecure Direct Object Reference via the woof_messenger_remove_subscr AJAX action, caused by missing validation on the user-controlled key. Affected versions are up to and including 1.3.6...

CVE-2024-7491 HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woofmessengerremovesubscr AJAX action due to missing validation on the 'key' user controlled key. This makes it...

WordPress HUSKY plugin <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe vulnerability

Insecure Direct Object Reference to Unsubscribe vulnerability discovered by shaman0x01 in WordPress Plugin HUSKY versions = 1.3.6.1...

WordPress Charitable plugin <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation vulnerability

Insecure Direct Object Reference to Account Takeover and Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin Charitable versions = 1.8.1.14...

PT-2024-38381 · WordPress · Husky – Products Filter Professional

Name of the Vulnerable Software and Affected Versions: HUSKY – Products Filter Professional for WooCommerce plugin for WordPress versions up to, and including, 1.3.6.1 Description: The issue is related to Insecure Direct Object Reference. It affects the plugin via the woof messenger remove subscr...