Vulnerabilities > Authorization Bypass Through User-Controlled Key

| Date | CVE | Vulnerability title | Description | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|
| 2025-02-25 | CVE-2025-26977 | Authorization Bypass Through User-Controlled Key vulnerability in Ninjateam Filebird | Authorization Bypass Through User-Controlled Key vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels. | ninjateam | CWE-639 | 7.2 (network, low complexity) |
| 2025-02-24 | CVE-2025-1607 | Authorization Bypass Through User-Controlled Key vulnerability in Mayurik Best Employee Management System 1.0 | A vulnerability, which was classified as problematic, has been found in SourceCodester Best Employee Management System 1.0. | mayurik | CWE-639 | 4.3 (network, low complexity) |
| 2025-02-22 | CVE-2024-13873 | Authorization Bypass Through User-Controlled Key vulnerability in Wpjobportal WP JOB Portal | The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8 via the deleteUserPhoto() function due to missing validation on a user controlled key. | wpjobportal | CWE-639 | 4.3 (network, low complexity) |
| 2025-02-20 | CVE-2024-13855 | Authorization Bypass Through User-Controlled Key vulnerability in Nilambar Prime Addons for Elementor | The Prime Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.1 via the pae_global_block shortcode due to missing validation on a user controlled key. | nilambar | CWE-639 | 4.3 (network, low complexity) |
| 2025-02-18 | CVE-2024-13740 | Authorization Bypass Through User-Controlled Key vulnerability in Metagauss Profilegrid | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.4.2 via the pm_messenger_show_messages function due to missing validation on a user controlled key. | metagauss | CWE-639 | 4.3 (network, low complexity) |
| 2025-02-14 | CVE-2024-13692 | Authorization Bypass Through User-Controlled Key vulnerability in Wpswings Return Refund and Exchange for Woocommerce | The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user controlled key. | wpswings | CWE-639 | 5.4 (network, low complexity) |
| 2025-02-12 | CVE-2024-13601 | Authorization Bypass Through User-Controlled Key vulnerability in Majesticsupport Majestic Support | The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.5 via the 'exportusereraserequest' function due to missing validation on a user controlled key. | majesticsupport | CWE-639 | 4.3 (network, low complexity) |
| 2025-02-07 | CVE-2024-13841 | | The Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via the 'bse-elementor-template' shortcode due to insufficient restrictions on which posts can be included. | | CWE-639 | 4.3 (network, low complexity) |
| 2025-02-04 | CVE-2024-12046 | | The Medical Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.2 via the 'namedical_elementor_template' shortcode due to missing validation on a user controlled key. | | CWE-639 | 4.3 (network, low complexity) |
| 2025-02-04 | CVE-2024-13607 | | The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. | | CWE-639 | 4.3 (network, low complexity) |