Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2024-11-22 CVE-2024-10666 The Easy Twitter Feed – Twitter feeds plugin for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.6 via the [etf] shortcode.
network
low complexity
CWE-639
4.3
2024-11-21 CVE-2024-10671 The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.4 via the [btn_block] shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-11-21 CVE-2024-10696 The UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.8 via the show_template due to missing validation on a user controlled key.
network
low complexity
CWE-639
4.3
2024-11-21 CVE-2024-10782 The Theme Builder For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-11-21 CVE-2024-10796 The If-So Dynamic Content Personalization plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.2.1 via the 'ifso-show-post' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-11-20 CVE-2024-10855 Authorization Bypass Through User-Controlled Key vulnerability in Sirv
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the filename parameter of the sirv_upload_file_by_chunks() function and lack of in all versions up to, and including, 7.3.0.
network
low complexity
sirv CWE-639
8.1
2024-11-16 CVE-2024-10795 The Popularis Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.7 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-11-15 CVE-2024-50651 Authorization Bypass Through User-Controlled Key vulnerability in Geeeeeeeek Java Shop 1.0
java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.
network
low complexity
geeeeeeeek CWE-639
6.5
2024-11-15 CVE-2021-3991 Authorization Bypass Through User-Controlled Key vulnerability in Dolibarr Erp/Crm
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch.
network
low complexity
dolibarr CWE-639
4.3
2024-11-13 CVE-2024-10174 The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'Abstract_Permission' class due to missing validation on the 'user_id' user controlled key.
network
low complexity
CWE-639
7.3