Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-28 | CVE-2024-9298 | Authorization Bypass Through User-Controlled Key vulnerability in Oretnom23 Railway Reservation System 1.0 A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. | 4.3 |
2024-09-25 | CVE-2024-8290 | Authorization Bypass Through User-Controlled Key vulnerability in Wclovers Frontend Manager for Woocommerce Along With Bookings Subscription Listings Compatible The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFM_Customers_Manage_Controller::processing function due to missing validation on the ID user controlled key. | 8.8 |
2024-09-25 | CVE-2024-8485 | Authorization Bypass Through User-Controlled Key vulnerability in Jianbo Rest API to Miniprogram The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing validation on the 'openid' user controlled key that determines what user will be updated. | 9.8 |
2024-09-24 | CVE-2024-8791 | Authorization Bypass Through User-Controlled Key vulnerability in Wpcharitable Charitable The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. | 9.8 |
2024-09-20 | CVE-2024-45806 | Authorization Bypass Through User-Controlled Key vulnerability in Envoyproxy Envoy Envoy is a cloud-native high-performance edge/middle/service proxy. | 6.5 |
2024-09-17 | CVE-2024-45605 | Authorization Bypass Through User-Controlled Key vulnerability in Sentry 24.1.2 Sentry is a developer-first error tracking and performance monitoring platform. | 4.3 |
2024-09-17 | CVE-2024-45606 | Authorization Bypass Through User-Controlled Key vulnerability in Sentry Sentry is a developer-first error tracking and performance monitoring platform. | 4.3 |
2024-09-17 | CVE-2024-47047 | Authorization Bypass Through User-Controlled Key vulnerability in In2Code Powermail An issue was discovered in the powermail extension through 12.4.0 for TYPO3. | 7.5 |
2024-09-16 | CVE-2024-46937 | Authorization Bypass Through User-Controlled Key vulnerability in Mfasoft Secure Authentication Server An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows remote attackers to gain access to user tokens without authentication. | 7.5 |
2024-09-14 | CVE-2022-3459 | Authorization Bypass Through User-Controlled Key vulnerability in Lilmonkee Woocommerce multiple Free Gift The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all versions up to, and including, 1.2.3. | 5.3 |