Vulnerabilities: Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-22 | CVE-2022-34775 | Authorization Bypass Through User-Controlled Key vulnerability in Tabit Tabit - Excessive data exposure. | 7.5 |
2022-08-19 | CVE-2022-34621 | Authorization Bypass Through User-Controlled Key vulnerability in Mealie 0.5.5/1.0.0 Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter. | 6.5 |
2022-08-15 | CVE-2022-2824 | Authorization Bypass Through User-Controlled Key vulnerability in Open-Emr Openemr Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1. | 5.4 |
2022-08-15 | CVE-2022-2535 | Authorization Bypass Through User-Controlled Key vulnerability in Searchwp Live Ajax Search The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink. | 5.3 |
2022-08-09 | CVE-2022-2730 | Authorization Bypass Through User-Controlled Key vulnerability in Open-Emr Openemr Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1. | 6.5 |
2022-08-08 | CVE-2022-2367 | Authorization Bypass Through User-Controlled Key vulnerability in WSM Downloader Project WSM Downloader 1.4.0 The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from; this can be bypassed due to the lack of good "link" parameter validation. | 7.5 |
2022-08-05 | CVE-2022-2499 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. | 4.3 |
2022-08-05 | CVE-2022-36284 | Authorization Bypass Through User-Controlled Key vulnerability in Storeapps Affiliate for Woocommerce Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. | 6.5 |
2022-08-01 | CVE-2022-1600 | Authorization Bypass Through User-Controlled Key vulnerability in Yop-Poll YOP Poll The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations. | 5.3 |
2022-07-20 | CVE-2022-33944 | Authorization Bypass Through User-Controlled Key vulnerability in Micodus Mv720 Firmware The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs. | 6.5 |