VYPR

CWE-639

Authorization Bypass Through User-Controlled Key

Abstraction: Base · Status: Incomplete · Likelihood of Exploit: High

Description

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
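The pattern behind that sentence, as an added illustration that is not part of the VYPR or CWE text: the hypothetical SQLite store, the invoice and user tables, and the handler names below are all constructed for this example. The vulnerable handlers let the client-supplied key alone select the record; the fixed ones bind the lookup to the session principal, so the key can still be tampered with but can only ever resolve to the caller's own rows. `idor_check` is the two-account test a tester runs to confirm the weakness, modeled locally instead of over HTTP.

```python
import sqlite3


class NotFound(Exception):
    """Raised for records the caller may not see. Foreign records get the same
    answer as missing ones so the endpoint is not an existence oracle."""


def make_db():
    """Constructed sample data (hypothetical): two users, one invoice each."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.execute("CREATE TABLE invoices(id INTEGER PRIMARY KEY, owner_id INTEGER, total INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "alice-pw"), (2, "bob", "bob-pw")])
    conn.executemany("INSERT INTO invoices VALUES (?, ?, ?)",
                     [(100, 1, 250), (101, 2, 999)])
    conn.commit()
    return conn


# --- CWE-639: the client-controlled key alone selects the record -------------

def get_invoice_vulnerable(conn, session_user_id, invoice_id):
    """session_user_id is never consulted: any authenticated user can read any
    invoice simply by changing the id in the request."""
    row = conn.execute("SELECT id, owner_id, total FROM invoices WHERE id = ?",
                       (invoice_id,)).fetchone()
    if row is None:
        raise NotFound(invoice_id)
    return row


def get_invoice_fixed(conn, session_user_id, invoice_id):
    """Ownership is part of the lookup. The key is still user-controlled, but
    the query can only return rows that belong to the session principal."""
    row = conn.execute(
        "SELECT id, owner_id, total FROM invoices WHERE id = ? AND owner_id = ?",
        (invoice_id, session_user_id)).fetchone()
    if row is None:
        raise NotFound(invoice_id)
    return row


# --- The "arbitrary user password change" variant seen in several entries ----

def change_password_vulnerable(conn, session_user_id, request):
    """The target account comes from the request body, so a low-privilege user
    can reset anyone's password (account takeover). Returns the id written."""
    target = int(request["user_id"])
    conn.execute("UPDATE users SET password = ? WHERE id = ?",
                 (request["new_password"], target))
    conn.commit()
    return target


def change_password_fixed(conn, session_user_id, request):
    """The target is the authenticated principal. A user_id field in the
    request is ignored rather than trusted. Returns the id written."""
    conn.execute("UPDATE users SET password = ? WHERE id = ?",
                 (request["new_password"], session_user_id))
    conn.commit()
    return session_user_id


def password_of(conn, user_id):
    return conn.execute("SELECT password FROM users WHERE id = ?",
                        (user_id,)).fetchone()[0]


# --- Two-account check: does user B reach a record that belongs to user A? ---

def idor_check(handler, conn, attacker_id, victim_key):
    """True when the handler hands the attacker a record keyed by victim_key,
    i.e. the endpoint exhibits CWE-639."""
    try:
        handler(conn, attacker_id, victim_key)
        return True
    except NotFound:
        return False


if __name__ == "__main__":
    db = make_db()
    # bob (id 2) asks for alice's invoice 100 through each handler
    print("vulnerable read leaks:", idor_check(get_invoice_vulnerable, db, 2, 100))
    print("fixed read leaks:     ", idor_check(get_invoice_fixed, db, 2, 100))
```

Two design points worth keeping in the fixed versions: the ownership predicate lives in the query itself rather than in a post-fetch `if row.owner_id != user` branch, so there is no window where the foreign row is loaded and then accidentally returned or logged, and a foreign key answers with the same NotFound as a missing one. A real password-change endpoint would additionally demand the current password or a fresh authentication before the UPDATE; that is omitted here to keep the example on the key-binding point.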

Hierarchy (View 1000)

Parents

Children

CVEs mapped to this weakness (1,068)

page 2 of 54
  • CVE-2025-58627 · Critical · Nov 6, 2025
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Miraculous Core Plugin: from n/a through < 2.0.9.

  • CVE-2025-0987 · Critical · Nov 3, 2025
    risk 0.64 · CVSS 9.9 · EPSS 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand allows Parameter Injection. This issue affects CVLand: from 2.1.0 through 20251103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

  • CVE-2025-10742 · Critical · Oct 16, 2025
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.8.6. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it…

  • CVE-2025-5948 · Critical · Sep 19, 2025
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to claiming a business when using the claim_business…

  • CVE-2025-9114 · Critical · Sep 8, 2025
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible…

  • CVE-2024-8485 · Critical · Sep 25, 2024
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing validation on the 'openid' user controlled key that determines what user will be…

  • CVE-2024-39223 · Critical · Jul 3, 2024
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey

  • CVE-2024-1107 · Critical · Jun 27, 2024
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel APPS: before v17.0.68.

  • CVE-2023-2958 · Critical · Jul 17, 2023
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass. This issue affects ATS Pro: before 20230714.

  • CVE-2023-3048 · Critical · Jun 13, 2023
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass. This issue affects Lockcell: before 15.

  • CVE-2023-2713 · Critical · May 20, 2023
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass. This issue affects Rental Module: before 23.05.15.

  • CVE-2023-2276 · Critical · May 20, 2023
    risk 0.64 · CVSS 9.8 · EPSS 0.01

    The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user…

  • CVE-2026-5845 · Critical · Apr 21, 2026
    risk 0.62 · CVSS 9.6 · EPSS 0.00

    An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an…

  • CVE-2024-5619 · Critical · Jul 18, 2024
    risk 0.62 · CVSS 9.6 · EPSS 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Apinizer Management Console: before 2024.05.1.

  • CVE-2026-1201 · Critical · Jan 22, 2026
    risk 0.61 · CVSS n/a · EPSS 0.00

    An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connected devices outside of their authorized scope via client-side request…

  • CVE-2025-10910 · Critical · Dec 18, 2025
    risk 0.60 · CVSS n/a · EPSS 0.00

    A flaw in the binding process of Govee's cloud platform and devices allows a remote attacker to bind an existing, online Govee device to the attacker's account, resulting in full control of the device and removal of the device from its legitimate owner's account. The…

  • CVE-2025-42605 · Critical · Apr 23, 2025
    risk 0.60 · CVSS n/a · EPSS 0.00

    This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on certain API endpoints for the initiation, modification, or cancellation operations. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the…

  • CVE-2024-2472 · Critical · Jun 14, 2024
    risk 0.60 · CVSS 9.1 · EPSS 0.01

    The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for…

  • CVE-2026-45550 · Critical · Jun 10, 2026
    risk 0.59 · CVSS 9.1 · EPSS 0.00

    Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check (app/routes/smon/routes.py:117-138) gates only on roxywi_common.check_user_group_for_flask() — which validates that the caller has some group,…

  • CVE-2026-45750 · Critical · Jun 5, 2026
    risk 0.59 · CVSS 9.0 · EPSS 0.00

    Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in the Termix File Manager component unsafely processes the path parameter and embeds it into…