4 matches found
CVE-2025-65028 Rallly Has an IDOR Vulnerability in Vote Update Endpoint Allows Unauthorized Manipulation of Participant Votes
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference (IDOR) vulnerability allows any authenticated user to modify other participants’ votes in polls without authorization. The backend relies solely on the participantId parameter to...
CVE-2025-65028
CVE-2025-65028 affects Rallly prior to 4.5.4. The vulnerability is an insecure direct object reference (IDOR) in the vote-update endpoint where the backend relies solely on the participantId parameter to identify votes, without verifying ownership or poll permissions. This allows any authenticate...
PT-2024-31873 · Unknown · Projectworld Online Voting System
Name of the Vulnerable Software and Affected Versions: Projectworld Online Voting System version 1.0. Description: The issue allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without the user's consent or...
WordPress Like Button Rating plugin <= 2.6.37 - Unauthorized Vote Export to Email & IP Addresses Disclosure vulnerability
Unauthorized Vote Export to Email & IP Addresses Disclosure vulnerability discovered by Krzysztof Zając in WordPress Like Button Rating plugin versions <= 2.6.37. Solution: Update the WordPress Like Button Rating plugin to the latest available version, at least 2.6.38...