Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-25 | CVE-2025-26977 | Authorization Bypass Through User-Controlled Key vulnerability in Ninjateam Filebird Authorization Bypass Through User-Controlled Key vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels. | 7.2 |
| 2025-02-24 | CVE-2025-1607 | Authorization Bypass Through User-Controlled Key vulnerability in Mayurik Best Employee Management System 1.0 A vulnerability, which was classified as problematic, has been found in SourceCodester Best Employee Management System 1.0. | 4.3 |
| 2025-02-22 | CVE-2024-13873 | Authorization Bypass Through User-Controlled Key vulnerability in Wpjobportal WP JOB Portal The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8 via the deleteUserPhoto() function due to missing validation on a user controlled key. | 4.3 |
| 2025-02-20 | CVE-2024-13855 | Authorization Bypass Through User-Controlled Key vulnerability in Nilambar Prime Addons for Elementor The Prime Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.1 via the pae_global_block shortcode due to missing validation on a user controlled key. | 4.3 |
| 2025-02-18 | CVE-2024-13740 | Authorization Bypass Through User-Controlled Key vulnerability in Metagauss Profilegrid The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.4.2 via the pm_messenger_show_messages function due to missing validation on a user controlled key. | 4.3 |
| 2025-02-14 | CVE-2024-13692 | Authorization Bypass Through User-Controlled Key vulnerability in Wpswings Return Refund and Exchange for Woocommerce The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user controlled key. | 5.4 |
| 2025-02-12 | CVE-2024-13601 | Authorization Bypass Through User-Controlled Key vulnerability in Majesticsupport Majestic Support The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.5 via the 'exportusereraserequest' function due to missing validation on a user controlled key. | 4.3 |
| 2025-02-07 | CVE-2024-13841 | The Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via the 'bse-elementor-template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
| 2025-02-04 | CVE-2024-12046 | The Medical Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.2 via the 'namedical_elementor_template' shortcode due to missing validation on a user controlled key. | 4.3 |
| 2025-02-04 | CVE-2024-13607 | The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. | 4.3 |