| 2024-10-31 | CVE-2024-9700 | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submit_quizzes() function due to missing validation on the 'entry_id' user controlled key. | 5.3 |
| 2024-10-29 | CVE-2024-10452 | Authorization Bypass Through User-Controlled Key vulnerability in Grafana 10.4.0
Organization admins can delete pending invites created in an organization they are not part of. | 2.7 |
| 2024-10-29 | CVE-2024-7473 | Authorization Bypass Through User-Controlled Key vulnerability in Lunary 1.3.2
An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. | 6.5 |
| 2024-10-29 | CVE-2024-7474 | Authorization Bypass Through User-Controlled Key vulnerability in Lunary
In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. | 8.1 |
| 2024-10-28 | CVE-2024-50483 | Authorization Bypass Through User-Controlled Key vulnerability in Tareqhasan Meetup
Authorization Bypass Through User-Controlled Key vulnerability in Meetup allows Privilege Escalation.This issue affects Meetup: from n/a through 0.1. | 9.8 |
| 2024-10-28 | CVE-2024-10439 | Authorization Bypass Through User-Controlled Key vulnerability in Sun.Net Ehdr Ctms
The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user. | 7.5 |
| 2024-10-26 | CVE-2024-9637 | The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. | 8.8 |
| 2024-10-18 | CVE-2024-10121 | Authorization Bypass Through User-Controlled Key vulnerability in Riskengine Radar
A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. | 9.8 |
| 2024-10-17 | CVE-2024-9215 | The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via the action_edited_author() due to missing validation on the 'authors-user_id' user controlled key. | 8.8 |
| 2024-10-17 | CVE-2024-9862 | The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. network low complexity CWE-639 critical | 9.8 |