PT-2026-2215
Name of the Vulnerable Software and Affected Versions: Spree versions prior to 4.10.2, 5.0.7, 5.1.9 and 5.2.5
Description: Spree is an open source e-commerce solution built with Ruby on Rails. An Unauthenticated Insecure Direct Objec...
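Every entry on this page is the same bug class: a handler resolves an object from a client-supplied identifier and never checks that the caller is allowed to touch that object. The following is an added Ruby illustration of that pattern and its fix, in the style of a Rails controller action since the Spree entry above is a Rails application; it is not Spree's or Realia's code, and the in-memory order store, the user names and the handler names are hypothetical.

```ruby
# Added illustration of the IDOR pattern behind the entries on this page.
# Hypothetical in-memory "orders" store and request handlers; this is not
# Spree's, Realia's or any listed product's code.

Order = Struct.new(:id, :owner_id, :total)

# Constructed sample data: two orders belonging to two different users.
ORDERS = {
  1 => Order.new(1, "alice", 42.00),
  2 => Order.new(2, "bob", 99.99),
}.freeze

# Parse the id parameter defensively: a non-numeric id is a 400, not an exception.
def parse_id(params)
  Integer(params["id"], 10)
rescue ArgumentError, TypeError
  nil
end

# Vulnerable: the object is resolved purely from the client-supplied id.
# No authentication is required and no ownership check is made, so any id
# in the store can be read (or deleted) by anyone, and sequential numeric
# ids make the whole store enumerable.
def show_order_vulnerable(params, store = ORDERS)
  id = parse_id(params)
  return [400, nil] if id.nil?
  order = store[id]
  return [404, nil] if order.nil?
  [200, order]
end

# Hardened: authenticate first, then scope the lookup to objects owned by
# the authenticated principal (the Rails equivalent is
# current_user.orders.find(params[:id]) rather than Order.find(params[:id])).
# A non-owner's id yields the same 404 as a non-existent one, so the
# response does not confirm which ids exist.
def show_order_hardened(params, current_user, store = ORDERS)
  return [401, nil] if current_user.nil?
  id = parse_id(params)
  return [400, nil] if id.nil?
  order = store[id]
  return [404, nil] if order.nil? || order.owner_id != current_user
  [200, order]
end

# Same rule applied to a destructive action, which is what the arbitrary
# post deletion entries on this page amount to.
def delete_order_hardened(params, current_user, store)
  return [401, nil] if current_user.nil?
  id = parse_id(params)
  return [400, nil] if id.nil?
  order = store[id]
  return [404, nil] if order.nil? || order.owner_id != current_user
  store.delete(id)
  [204, nil]
end

# Enumeration check: walk a range of ids through a handler and count how
# many objects it hands back. Against the vulnerable handler this returns
# every object in the store; against the hardened one only the caller's own.
def enumerate(handler, id_range)
  id_range.count { |i| handler.call({ "id" => i.to_s })[0] == 200 }
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable, anonymous: #{enumerate(->(p) { show_order_vulnerable(p) }, 1..10)} orders exposed"
  puts "hardened, as alice:    #{enumerate(->(p) { show_order_hardened(p, 'alice') }, 1..10)} orders exposed"
end
```

The fix is the scoping, not input validation: rejecting malformed ids is good hygiene, but an attacker exploiting an IDOR sends perfectly well-formed ids, so only the ownership (or capability) check on the resolved object closes the hole.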
Realia <= 1.4 - Unauthenticated IDOR leading to Arbitrary Post Deletion
While investigating an IDOR issue on a premium theme that allowed arbitrary deletion of Ads, submitted by Vlad Vector, the Realia plugin was found to be the root cause. Having this plugin installed, which some themes require, can allow unauthenticated attackers to delete arbitrary posts by...
WordPress Realia plugin <= 1.4 - Unauthenticated IDOR leading to Arbitrary Post Deletion vulnerability
Unauthenticated IDOR leading to Arbitrary Post Deletion vulnerability found by Vlad Vector and Erwan LR in WordPress Realia plugin versions <= 1.4. Solution: 2020-12-03 - no patched version available, only a note from the WordPress plugin repository: "This plugin has been closed as of August 14, 2020 and is...
U.S. Dept Of Defense: Unauth IDOR to mass account takeover without user interaction on the ███████ (https://███████.edu/)
The vulnerability discovered was an Insecure Direct Object Reference (IDOR) that allowed mass account takeover without user interaction on the ███████ (https://███████.edu/) website. The vulnerability was found in the /chkUser.aspx endpoint, which was vulnerable to IDOR. The numeric user ID...