Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-23 | CVE-2022-1810 | Authorization Bypass Through User-Controlled Key vulnerability in Publify Project Publify Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9. | 4.3 |
| 2022-05-20 | CVE-2022-29434 | Authorization Bypass Through User-Controlled Key vulnerability in Spiffyplugins Spiffy Calendar Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events. | 5.4 |
| 2022-05-20 | CVE-2022-29159 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. | 4.3 |
| 2022-05-16 | CVE-2022-1425 | Authorization Bypass Through User-Controlled Key vulnerability in 2Code Wpqa Builder The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the message_id of the wpqa_message_view ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Direct Object Reference (IDOR) vulnerability. | 4.3 |
| 2022-05-13 | CVE-2022-27247 | Authorization Bypass Through User-Controlled Key vulnerability in Cdsoft Winhotel.Mx 2021 onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer (e.g., data of birth, full address, mail information, and phone number) via GastKont Insecure Direct Object Reference. | 5.3 |
| 2022-05-11 | CVE-2022-1352 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that restricts access to issue only to project members. | 5.3 |
| 2022-05-11 | CVE-2022-29008 | Authorization Bypass Through User-Controlled Key vulnerability in PHPgurukul BUS Pass Management System 1.0 An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information. | 6.5 |
| 2022-05-10 | CVE-2022-28986 | Authorization Bypass Through User-Controlled Key vulnerability in Lmsdoctor 2 Factor Authentication 2021072900 LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts. | 7.5 |
| 2022-05-01 | CVE-2022-23061 | Authorization Bypass Through User-Controlled Key vulnerability in Shopizer In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via Insecure Direct Object Reference (IDOR) vulnerability. | 6.5 |
| 2022-04-25 | CVE-2021-24800 | Authorization Bypass Through User-Controlled Key vulnerability in Designwall DW Question & Answer The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments. | 4.3 |