Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-22 | CVE-2024-4874 | Authorization Bypass Through User-Controlled Key vulnerability in Bricksbuilder Bricks The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. | 4.3 |
| 2024-06-21 | CVE-2024-5639 | Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'rest_api_change_profile_image' function due to missing validation on a user controlled key. | 4.3 |
| 2024-06-14 | CVE-2024-37889 | Authorization Bypass Through User-Controlled Key vulnerability in Treyww Myfinances MyFinances is a web application for managing finances. | 6.5 |
| 2024-06-12 | CVE-2024-29181 | Authorization Bypass Through User-Controlled Key vulnerability in Strapi Strapi is an open-source content management system. | 3.5 |
| 2024-06-07 | CVE-2024-5438 | Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attempt_delete' function due to missing validation on a user controlled key. | 4.3 |
| 2024-06-06 | CVE-2024-5128 | Authorization Bypass Through User-Controlled Key vulnerability in Lunary An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. | 8.8 |
| 2024-06-06 | CVE-2024-5130 | Authorization Bypass Through User-Controlled Key vulnerability in Lunary An Incorrect Authorization vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, which allows unauthenticated users to delete any dataset. | 7.5 |
| 2024-06-06 | CVE-2024-5131 | Authorization Bypass Through User-Controlled Key vulnerability in Lunary An Improper Access Control vulnerability exists in the lunary-ai/lunary repository, affecting versions up to and including 1.2.2. | 6.5 |
| 2024-06-06 | CVE-2024-36399 | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard Kanboard is project management software that focuses on the Kanban methodology. | 6.3 |
| 2024-06-05 | CVE-2024-4886 | Authorization Bypass Through User-Controlled Key vulnerability in Buddyboss Platform The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request | 4.3 |