Vulnerabilities
> Authorization Bypass Through User-Controlled Key
DATE
CVE
VULNERABILITY TITLE
RISK
2024-11-22
CVE-2024-10666
The Easy Twitter Feed – Twitter feeds plugin for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.6 via the [etf] shortcode.
network
low complexity
CWE-639
4.3
4.3
2024-11-21
CVE-2024-10671
The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.4 via the [btn_block] shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
4.3
2024-11-21
CVE-2024-10696
The UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.8 via the show_template due to missing validation on a user controlled key.
network
low complexity
CWE-639
4.3
4.3
2024-11-21
CVE-2024-10782
The Theme Builder For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
4.3
2024-11-21
CVE-2024-10796
The If-So Dynamic Content Personalization plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.2.1 via the 'ifso-show-post' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
4.3
2024-11-20
CVE-2024-10855
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the filename parameter of the sirv_upload_file_by_chunks() function and lack of in all versions up to, and including, 7.3.0.
network
low complexity
CWE-639
8.1
8.1
2024-11-16
CVE-2024-10795
The Popularis Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.7 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
4.3
2024-11-15
CVE-2024-50651
Authorization Bypass Through User-Controlled Key vulnerability in Geeeeeeeek Java Shop 1.0
java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.
network
low complexity
geeeeeeeek
CWE-639
6.5
6.5
2024-11-15
CVE-2021-3991
Authorization Bypass Through User-Controlled Key vulnerability in Dolibarr Erp/Crm
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch.
network
low complexity
dolibarr
CWE-639
4.3
4.3
2024-11-13
CVE-2024-10174
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'Abstract_Permission' class due to missing validation on the 'user_id' user controlled key.
network
low complexity
CWE-639
7.3
7.3