
5 matches found

Positive Technologies
added 2026/01/10 12:0 a.m., 6 views

PT-2026-2215

Name of the Vulnerable Software and Affected Versions: Spree versions prior to 4.10.2; Spree versions prior to 5.0.7; Spree versions prior to 5.1.9; Spree versions prior to 5.2.5. Description: Spree is an open source e-commerce solution built with Ruby on Rails. An Unauthenticated Insecure Direct Objec...

CVSS 7.5, AI score 6.5, EPSS 0.00383
Exploits 1, References 14
WPVulnDB
added 2020/10/15 12:0 a.m., 6 views

Realia <= 1.4 - Unauthenticated IDOR leading to Arbitrary Post Deletion

While investigating an IDOR issue on a premium theme, allowing arbitrary deletion of Ads, submitted by Vlad Vector, the Realia plugin was found to be the root cause. In fact, having this plugin installed, which some themes require, can allow unauthenticated attackers to delete arbitrary posts, by...

AI score 1.3
Exploits 0, References 1, Affected Software 1
wpexploit
added 2020/10/15 12:0 a.m., 16 views

Realia <= 1.4 - Unauthenticated IDOR leading to Arbitrary Post Deletion

While investigating an IDOR issue on a premium theme, allowing arbitrary deletion of Ads, submitted by Vlad Vector, the Realia plugin was found to be the root cause. In fact, having this plugin installed, which some themes require, can allow unauthenticated attackers to delete arbitrary posts, by...

AI score 0.7
Exploits 0, References 1
Patchstack
added 2020/02/15 12:0 a.m., 12 views

WordPress Realia plugin <= 1.4 - Unauthenticated IDOR leading to Arbitrary Post Deletion vulnerability

Unauthenticated IDOR leading to Arbitrary Post Deletion vulnerability found by Vlad Vector, Erwan LR in WordPress Realia plugin versions <= 1.4. Solution: 2020-12-03 - no patched version available, only note from WordPress plugin repository "This plugin has been closed as of August 14, 2020 and is...

AI score 3.9
Exploits 0, References 2, Affected Software 1
Hacker One
added 2019/08/31 1:28 a.m., 10 views

U.S. Dept Of Defense: Unauth IDOR to mass account takeover without user interaction on the ███████ (https://███████.edu/)

The vulnerability discovered was an Insecure Direct Object Reference (IDOR) that allowed for mass account takeover without user interaction on the ███████ (https://███████.edu/) website. The vulnerability was found in the /chkUser.aspx endpoint, which was vulnerable to IDOR. The numeric user ID...

AI score 7.3
Exploits 0