Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
idor vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-24318
The Listeo WordPress theme prior to 1.6.11 did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post and booking via an IDOR vector.
Purethemes Listeo
4.9
CVSSv3
CVE-2019-7925
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder.
Magento Magento
5.4
CVSSv3
CVE-2021-24473
The User Profile Picture WordPress plugin prior to 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pictures of other users (including those with higher roles).
Cozmoslabs User Profile Picture
4.3
CVSSv3
CVE-2021-37213
The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID and date in specific parameters to access particular employee’s check-in record.
Larvata Flygo
3.7
CVSSv3
CVE-2023-38872
An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated malicious user to access cash book entry attachments of any other user, if they know the Id of the attachment.
Economizzer Economizzer April 2023
Economizzer Economizzer 0.9
NA
CVE-2024-4538
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user's event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data.
7.5
CVSSv3
CVE-2021-37777
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure.
Gilacms Gila Cms 2.2.0
6.5
CVSSv3
CVE-2022-36284
Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an malicious user to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user pro...
Storeapps Affiliate For Woocommerce
5.3
CVSSv3
CVE-2022-4340
The BookingPress WordPress plugin prior to 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating ...
Reputeinfosystems Bookingpress
6.5
CVSSv3
CVE-2022-3511
The Awesome Support WordPress plugin prior to 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector
Getawesomesupport Awesome Support
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »