Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-30 | CVE-2021-36865 | Authorization Bypass Through User-Controlled Key vulnerability in Quizandsurveymaster Quiz and Survey Master Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the quiz. | 4.3 |
2022-09-26 | CVE-2022-1613 | Authorization Bypass Through User-Controlled Key vulnerability in 10Up Restricted Site Access The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations. | 5.3 |
2022-09-15 | CVE-2022-38789 | Authorization Bypass Through User-Controlled Key vulnerability in Airties products An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. | 9.1 |
2022-09-07 | CVE-2022-36539 | Authorization Bypass Through User-Controlled Key vulnerability in Eigen&Wijzer Ouderapp Project Eigen&Wijzer Ouderapp WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted calls to gain access to data of other parents and children. | 7.5 |
2022-09-06 | CVE-2022-32277 | Authorization Bypass Through User-Controlled Key vulnerability in Squiz Matrix 6.20 Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. | 5.3 |
2022-08-31 | CVE-2022-36202 | Authorization Bypass Through User-Controlled Key vulnerability in Doctor's Appointment System Project Doctor's Appointment System 1.0 Doctor's Appointment System 1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. | 9.8 |
2022-08-29 | CVE-2022-2034 | Authorization Bypass Through User-Controlled Key vulnerability in Automattic Sensei LMS The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoints, allowing unauthenticated users to access private messages sent to teachers. | 5.3 |
2022-08-29 | CVE-2022-3019 | Authorization Bypass Through User-Controlled Key vulnerability in Tooljet The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one). | 8.8 |
2022-08-22 | CVE-2022-34770 | Authorization Bypass Through User-Controlled Key vulnerability in Tabit Tabit - sensitive information disclosure. | 7.5 |
2022-08-22 | CVE-2022-34775 | Authorization Bypass Through User-Controlled Key vulnerability in Tabit Tabit - Excessive data exposure. | 7.5 |