Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
idor vulnerabilities and exploits
(subscribe to this query)
490
VMScore
CVE-2021-24318
The Listeo WordPress theme prior to 1.6.11 did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post and booking via an IDOR vector.
Purethemes Listeo
NA
CVE-2024-4538
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user's event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data.
356
VMScore
CVE-2021-37213
The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID and date in specific parameters to access particular employee’s check-in record.
Larvata Flygo
445
VMScore
CVE-2021-37777
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure.
Gilacms Gila Cms 2.2.0
490
VMScore
CVE-2021-24473
The User Profile Picture WordPress plugin prior to 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pictures of other users (including those with higher roles).
Cozmoslabs User Profile Picture
490
VMScore
CVE-2019-7925
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder.
Magento Magento
NA
CVE-2023-38872
An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated malicious user to access cash book entry attachments of any other user, if they know the Id of the attachment.
Economizzer Economizzer April 2023
Economizzer Economizzer 0.9
NA
CVE-2022-42129
An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 up to and including 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstance...
Liferay Digital Experience Platform 7.3
Liferay Liferay Portal
Liferay Digital Experience Platform 7.4
NA
CVE-2022-4340
The BookingPress WordPress plugin prior to 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in it's thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating ...
Reputeinfosystems Bookingpress
NA
CVE-2022-3511
The Awesome Support WordPress plugin prior to 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector
Getawesomesupport Awesome Support
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »