VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Authorization Bypass Through User-Controlled Key
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-01-15
CVE-2024-10775
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.4.32 via the 'pafe-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
4.3
2025-01-11
CVE-2024-11915
The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
4.3
2025-01-11
CVE-2024-12116
The Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.1 via the 'uta-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
4.3
2025-01-11
CVE-2024-12472
The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphr_duplicate_post() due to insufficient restrictions on which posts can be duplicated.
network
low complexity
CWE-639
5.3
5.3
2025-01-09
CVE-2024-10215
The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4.
network
low complexity
CWE-639
critical
9.8
9.8
2025-01-07
CVE-2024-12131
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user controlled key.
network
low complexity
CWE-639
4.3
4.3
2025-01-03
CVE-2024-12132
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4 due to missing validation on a user controlled key.
network
low complexity
CWE-639
4.3
4.3
2024-12-31
CVE-2024-13040
The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability.
network
low complexity
CWE-639
8.8
8.8
2024-12-25
CVE-2024-12335
The Avada (Fusion) Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handle_clone_post() function and the 'fusion_blog' shortcode and due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
4.3
2024-12-24
CVE-2024-12103
The Content No Cache: prevent specific content from being cached plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.1.2 via the eos_dyn_get_content action due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
5.3
5.3
«
1
(current)
2
3
4
5
...
46
47
»
Next