Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2024-02-09 CVE-2023-6724 Authorization Bypass Through User-Controlled Key vulnerability in Simgesel Hearing Tracking System
Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse.This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0.
network
low complexity
simgesel CWE-639
8.8
2024-02-05 CVE-2024-0366 Authorization Bypass Through User-Controlled Key vulnerability in Squirrly Starbox
The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key.
network
low complexity
squirrly CWE-639
4.3
2024-02-05 CVE-2023-6983 Authorization Bypass Through User-Controlled Key vulnerability in Josevega Display Custom Fields in the Frontend - Post and User Profile Fields
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcode due to missing validation on a user controlled key.
network
low complexity
josevega CWE-639
4.3
2024-01-31 CVE-2024-22305 Authorization Bypass Through User-Controlled Key vulnerability in Kaliforms Kali Forms
Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag & drop for WordPress – Kali Forms.This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36.
network
low complexity
kaliforms CWE-639
8.1
2024-01-29 CVE-2023-7199 Authorization Bypass Through User-Controlled Key vulnerability in Relevanssi
The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request
network
low complexity
relevanssi CWE-639
5.3
2024-01-29 CVE-2024-23747 Authorization Bypass Through User-Controlled Key vulnerability in Modernasistemas Modernanet Hospital Management System 2024
The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability.
network
low complexity
modernasistemas CWE-639
7.5
2024-01-22 CVE-2023-6384 Authorization Bypass Through User-Controlled Key vulnerability in Wp-Eventmanager User Profile Avatar
The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar
network
low complexity
wp-eventmanager CWE-639
4.3
2024-01-18 CVE-2024-0580 Authorization Bypass Through User-Controlled Key vulnerability in Idmsistemas Sinergia 2.0
Omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product.
network
low complexity
idmsistemas CWE-639
7.5
2024-01-17 CVE-2023-7031 Authorization Bypass Through User-Controlled Key vulnerability in Avaya Aura Experience Portal
Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user.
network
low complexity
avaya CWE-639
4.3
2024-01-17 CVE-2023-36235 Authorization Bypass Through User-Controlled Key vulnerability in Webkul Qloapps
An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter.
network
low complexity
webkul CWE-639
6.5