Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-29 | CVE-2022-3995 | Authorization Bypass Through User-Controlled Key vulnerability in Standalonetech Terawallet The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. | 4.3 |
| 2022-11-29 | CVE-2022-43326 | Authorization Bypass Through User-Controlled Key vulnerability in Telosalliance Omnia MPX Node Firmware An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows attackers to arbitrarily change user and Administrator account passwords. | 7.5 |
| 2022-11-28 | CVE-2022-24187 | Authorization Bypass Through User-Controlled Key vulnerability in Sz-Fujia Ourphoto 1.4.1 The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. | 7.5 |
| 2022-11-18 | CVE-2022-43492 | Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpdiscuz 7.4.2 Auth. | 8.8 |
| 2022-11-16 | CVE-2022-44005 | Authorization Bypass Through User-Controlled Key vulnerability in Backclick 5.9.63 An issue was discovered in BACKCLICK Professional 5.9.63. | 5.3 |
| 2022-11-15 | CVE-2022-42129 | Authorization Bypass Through User-Controlled Key vulnerability in Liferay Digital Experience Platform and Liferay Portal An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter. | 4.3 |
| 2022-11-10 | CVE-2022-3413 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. | 4.3 |
| 2022-11-08 | CVE-2022-40205 | Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpforo Forum Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved. | 4.3 |
| 2022-11-08 | CVE-2022-40206 | Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpforo Forum Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public. | 4.3 |
| 2022-11-03 | CVE-2021-36906 | Authorization Bypass Through User-Controlled Key vulnerability in Expresstech Quiz and Survey Master Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress. | 8.8 |