Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-29 | CVE-2023-7199 | Authorization Bypass Through User-Controlled Key vulnerability in Relevanssi The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request | 5.3 |
| 2024-01-29 | CVE-2024-23747 | Authorization Bypass Through User-Controlled Key vulnerability in Modernasistemas Modernanet Hospital Management System 2024 The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. | 7.5 |
| 2024-01-22 | CVE-2023-6384 | Authorization Bypass Through User-Controlled Key vulnerability in Wp-Eventmanager User Profile Avatar The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar | 4.3 |
| 2024-01-17 | CVE-2023-7031 | Authorization Bypass Through User-Controlled Key vulnerability in Avaya Aura Experience Portal Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. | 4.3 |
| 2024-01-17 | CVE-2023-36235 | Authorization Bypass Through User-Controlled Key vulnerability in Webkul Qloapps An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter. | 6.5 |
| 2024-01-11 | CVE-2023-6223 | Authorization Bypass Through User-Controlled Key vulnerability in Thimpress Learnpress The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. | 4.3 |
| 2024-01-11 | CVE-2023-6630 | Authorization Bypass Through User-Controlled Key vulnerability in Rocklobster Contact Form 7 The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key. | 4.3 |
| 2024-01-03 | CVE-2023-50342 | Authorization Bypass Through User-Controlled Key vulnerability in Hcltech Dryice Myxalytics 5.9/6.0/6.1 HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. | 4.3 |
| 2024-01-02 | CVE-2023-45892 | Authorization Bypass Through User-Controlled Key vulnerability in Floorsightsoftware Insight Q32023 An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. | 7.5 |
| 2024-01-02 | CVE-2023-45893 | Authorization Bypass Through User-Controlled Key vulnerability in Floorsightsoftware Customer Portal Q32023 An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. | 7.5 |