VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Authorization Bypass Through User-Controlled Key
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-11-13
CVE-2024-10794
The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
4.3
2024-11-13
CVE-2024-10778
The BuddyPress Builder for Elementor – BuddyBuilder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
4.3
2024-11-12
CVE-2024-10695
Authorization Bypass Through User-Controlled Key vulnerability in Futuriowp Futurio Extra
The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
futuriowp
CWE-639
4.3
4.3
2024-11-11
CVE-2024-11073
Authorization Bypass Through User-Controlled Key vulnerability in Mayurik Hospital Management System 1.0
A vulnerability classified as problematic has been found in SourceCodester Hospital Management System 1.0.
network
low complexity
mayurik
CWE-639
8.1
8.1
2024-11-09
CVE-2024-10688
The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
4.3
2024-11-09
CVE-2024-10669
The Countdown Timer block – Display the event's date into a timer.
network
low complexity
CWE-639
4.3
4.3
2024-11-09
CVE-2024-10770
The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
4.3
2024-11-09
CVE-2024-10693
The SKT Addons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.3 via the Unfold widget due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
4.3
2024-11-09
CVE-2024-9262
The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1 via the getUser() due to missing validation on a user controlled key.
network
low complexity
CWE-639
6.5
6.5
2024-11-04
CVE-2024-51559
Authorization Bypass Through User-Controlled Key vulnerability in 63Moons Aero and Wave 2.0
This vulnerability exists in the Wave 2.0 due to missing authorization check on certain API endpoints.
network
low complexity
63moons
CWE-639
6.5
6.5
«
Previous
1
2
(current)
3
4
5
...
54
55
»
Next