Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-31 | CVE-2024-22305 | Authorization Bypass Through User-Controlled Key vulnerability in Kaliforms Kali Forms Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag & drop for WordPress – Kali Forms.This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36. | 8.1 |
| 2024-01-29 | CVE-2023-7199 | Authorization Bypass Through User-Controlled Key vulnerability in Relevanssi The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request | 5.3 |
| 2024-01-29 | CVE-2024-23747 | Authorization Bypass Through User-Controlled Key vulnerability in Modernasistemas Modernanet Hospital Management System 2024 The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. | 7.5 |
| 2024-01-22 | CVE-2023-6384 | Authorization Bypass Through User-Controlled Key vulnerability in Wp-Eventmanager User Profile Avatar The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar | 4.3 |
| 2024-01-18 | CVE-2024-0580 | Authorization Bypass Through User-Controlled Key vulnerability in Idmsistemas Sinergia 2.0 Omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. | 7.5 |
| 2024-01-17 | CVE-2023-7031 | Authorization Bypass Through User-Controlled Key vulnerability in Avaya Aura Experience Portal Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. | 4.3 |
| 2024-01-17 | CVE-2023-36235 | Authorization Bypass Through User-Controlled Key vulnerability in Webkul Qloapps An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter. | 6.5 |
| 2024-01-12 | CVE-2024-22206 | Authorization Bypass Through User-Controlled Key vulnerability in Clerk Javascript Clerk helps developers build user management. | 9.8 |
| 2024-01-11 | CVE-2023-6223 | Authorization Bypass Through User-Controlled Key vulnerability in Thimpress Learnpress The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. | 4.3 |
| 2024-01-11 | CVE-2023-6630 | Authorization Bypass Through User-Controlled Key vulnerability in Rocklobster Contact Form 7 The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key. | 4.3 |