Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2025-02-13 CVE-2025-0661 The DethemeKit For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the duplicate_post() function due to insufficient restrictions on which posts can be duplicated.
network
low complexity
CWE-639
4.3
2025-02-12 CVE-2024-13601 The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.5 via the 'exportusereraserequest' function due to missing validation on a user controlled key.
network
low complexity
CWE-639
4.3
2025-02-07 CVE-2024-13841 The Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via the 'bse-elementor-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2025-02-04 CVE-2024-12046 The Medical Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.2 via the 'namedical_elementor_template' shortcode due to missing validation on a user controlled key.
network
low complexity
CWE-639
4.3
2025-02-04 CVE-2024-13607 The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key.
network
low complexity
CWE-639
4.3
2025-02-01 CVE-2024-13372 Authorization Bypass Through User-Controlled Key vulnerability in Wpjobportal WP JOB Portal
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the getresumefiledownloadbyid() and getallresumefiles() functions due to missing validation on a user controlled key.
network
low complexity
wpjobportal CWE-639
5.3
2025-02-01 CVE-2024-13425 Authorization Bypass Through User-Controlled Key vulnerability in Wpjobportal WP JOB Portal
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the enforcedelete() function due to missing validation on a user controlled key.
network
low complexity
wpjobportal CWE-639
4.3
2025-02-01 CVE-2024-13428 Authorization Bypass Through User-Controlled Key vulnerability in Wpjobportal WP JOB Portal
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the deleteCompanyLogo() due to missing validation on a user controlled key.
network
low complexity
wpjobportal CWE-639
5.3
2025-02-01 CVE-2024-13429 Authorization Bypass Through User-Controlled Key vulnerability in Wpjobportal WP JOB Portal
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the 'jobenforcedelete' due to missing validation on a user controlled key.
network
low complexity
wpjobportal CWE-639
4.3
2025-01-30 CVE-2024-13694 Authorization Bypass Through User-Controlled Key vulnerability in Moreconvert Woocommerce Wishlist 1.7.2
The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.7 via the download_pdf_file() function due to missing validation on a user controlled key.
network
low complexity
moreconvert CWE-639
7.5