Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-22 | CVE-2024-40430 | Authorization Bypass Through User-Controlled Key vulnerability in Sftpgo Project Sftpgo 2.6.2 In SFTPGO 2.6.2, the JWT implementation lacks cerrtain security measures, such as using JWT ID (JTI) claims, nonces, and proper expiration and invalidation mechanisms. | 5.3 |
2024-07-19 | CVE-2024-5977 | Authorization Bypass Through User-Controlled Key vulnerability in Givewp The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled key. | 5.4 |
2024-07-18 | CVE-2024-5619 | Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apinizer Management Console: before 2024.05.1. | 9.6 |
2024-06-29 | CVE-2024-5942 | Authorization Bypass Through User-Controlled Key vulnerability in Carlosfazenda Page and Post Clone The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.0 via the 'content_clone' function due to missing validation on a user controlled key. | 5.4 |
2024-06-27 | CVE-2024-1107 | Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68. | 8.8 |
2024-06-22 | CVE-2024-4874 | Authorization Bypass Through User-Controlled Key vulnerability in Bricksbuilder Bricks The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. | 4.3 |
2024-06-21 | CVE-2024-5639 | Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'rest_api_change_profile_image' function due to missing validation on a user controlled key. | 4.3 |
2024-06-07 | CVE-2024-5438 | Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attempt_delete' function due to missing validation on a user controlled key. | 4.3 |
2024-06-05 | CVE-2024-4886 | Authorization Bypass Through User-Controlled Key vulnerability in Buddyboss Platform The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request | 4.3 |
2024-05-14 | CVE-2023-40720 | Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortivoice An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests. | 7.1 |