Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2025-03-05 CVE-2024-11216 Authorization Bypass Through User-Controlled Key, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in PozitifIK Pik Online allows Account Footprinting, Session Hijacking. This issue affects Pik Online: through 05.03.2025. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
network
low complexity
CWE-639
7.6
2025-02-28 CVE-2024-13832 Authorization Bypass Through User-Controlled Key vulnerability in Uncodethemes Ultra Addons Lite for Elementor
The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.8 via the 'ut_elementor' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
uncodethemes CWE-639
4.3
2025-02-24 CVE-2025-1607 A vulnerability, which was classified as problematic, has been found in SourceCodester Best Employee Management System 1.0.
network
low complexity
CWE-639
4.3
2025-02-22 CVE-2024-13873 Authorization Bypass Through User-Controlled Key vulnerability in Wpjobportal WP JOB Portal
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8 via the deleteUserPhoto() function due to missing validation on a user controlled key.
network
low complexity
wpjobportal CWE-639
4.3
2025-02-20 CVE-2024-13855 Authorization Bypass Through User-Controlled Key vulnerability in Nilambar Prime Addons for Elementor
The Prime Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.1 via the pae_global_block shortcode due to missing validation on a user controlled key.
network
low complexity
nilambar CWE-639
4.3
2025-02-18 CVE-2024-13740 Authorization Bypass Through User-Controlled Key vulnerability in Metagauss Profilegrid
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.4.2 via the pm_messenger_show_messages function due to missing validation on a user controlled key.
network
low complexity
metagauss CWE-639
4.3
2025-02-14 CVE-2024-13692 Authorization Bypass Through User-Controlled Key vulnerability in Wpswings Return Refund and Exchange for Woocommerce
The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user controlled key.
network
low complexity
wpswings CWE-639
5.4
2025-02-12 CVE-2024-13601 Authorization Bypass Through User-Controlled Key vulnerability in Majesticsupport Majestic Support
The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.5 via the 'exportusereraserequest' function due to missing validation on a user controlled key.
network
low complexity
majesticsupport CWE-639
4.3
2025-02-07 CVE-2024-13841 The Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via the 'bse-elementor-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2025-02-04 CVE-2024-12046 The Medical Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.2 via the 'namedical_elementor_template' shortcode due to missing validation on a user controlled key.
network
low complexity
CWE-639
4.3