Insecure Direct Object Reference (IDOR)
com.liferay.portal, com.liferay.portal.impl is vulnerable to an Insecure Direct Object Reference (IDOR). The vulnerability is due to improper access control on the `_com_liferay_users_admin_web_portlet_UsersAdminPortlet_addUserIds` parameter, which allows an attacker to assign an organization to a user acros...
CVE-2025-10146
The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user_ids’ parameter in all versions up to, and including, 3.3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2025-10146
CVE-2025-10146 affects the WordPress Download Manager plugin, with vulnerable versions up to 3.3.23, due to insufficient input sanitization and output escaping in the parameter user_ids. This enables Reflected Cross-Site Scripting by unauthenticated attackers who lure a user to perform an action...
PT-2025-38509
Name of the Vulnerable Software and Affected Versions: Download Manager plugin for WordPress versions prior to 3.3.24. Description: The WordPress Download Manager plugin is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows...
CVE-2024-50651
javashop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter...