CWE-639
Authorization Bypass Through User-Controlled Key
Description
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
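The description above covers two shapes of the same mistake: a handler that fetches a record by the key the caller supplied without confirming the caller owns it, and an edit handler that lets the request body overwrite the primary key so a write lands on someone else's record (the variant the Cerebrate entry in the table below describes). The following is an added illustration, not code from any product listed on this page; the in-memory store, the user names "alice" and "bob", the "booking" field names and the `note`-only allow-list are all constructed for the demo.

```python
"""CWE-639 in a toy record API: vulnerable and hardened handlers side by side.
Added example for this page, not code from any listed product. The store,
users and field names below are constructed."""
import copy


def make_store():
    """Fresh copy of the constructed sample data: one booking per user."""
    return copy.deepcopy({
        101: {"id": 101, "owner": "alice", "note": "Room 4, 09:00"},
        102: {"id": 102, "owner": "bob", "note": "Room 7, 13:00"},
    })


class NotFound(Exception):
    pass


class BadRequest(Exception):
    pass


# --- vulnerable: the key in the request is trusted --------------------------

def get_booking_vulnerable(store, current_user, booking_id):
    """Caller is authenticated, but the record is fetched by the id the caller
    chose; current_user is never consulted (classic IDOR)."""
    rec = store.get(booking_id)
    if rec is None:
        raise NotFound(booking_id)
    return rec


def update_booking_vulnerable(store, current_user, booking_id, body):
    """Ownership of the URL id IS checked, but the body is merged verbatim and
    'id' is writable, so a body carrying another record's id re-targets the
    write (primary key accepted from request input during edit)."""
    rec = store.get(booking_id)
    if rec is None or rec["owner"] != current_user:
        raise NotFound(booking_id)
    target = store.get(body.get("id", booking_id))  # id from the body wins
    if target is None:
        raise NotFound(body.get("id"))
    target.update(body)
    return target


# --- hardened: scope the lookup by owner, allow-list writable fields --------

WRITABLE_FIELDS = frozenset({"note"})  # id and owner are never client-settable


def get_booking(store, current_user, booking_id):
    """Lookup and ownership check in one step. Missing and foreign records get
    the same error so the endpoint cannot be used to enumerate valid ids."""
    rec = store.get(booking_id)
    if rec is None or rec["owner"] != current_user:
        raise NotFound(booking_id)
    return rec


def update_booking(store, current_user, booking_id, body):
    """Reuse the owner-scoped lookup, then reject fields outside the allow-list
    rather than silently dropping them, so 'id' or 'owner' in the body fails."""
    rec = get_booking(store, current_user, booking_id)
    unexpected = set(body) - WRITABLE_FIELDS
    if unexpected:
        raise BadRequest(f"fields not writable: {sorted(unexpected)}")
    rec.update({k: body[k] for k in WRITABLE_FIELDS if k in body})
    return rec


def demo():
    """Run bob's two attacks against both implementations; return the outcomes."""
    out = {}
    # Attack 1: read. bob requests booking 101, which belongs to alice.
    store = make_store()
    out["vuln_read_owner"] = get_booking_vulnerable(store, "bob", 101)["owner"]
    try:
        get_booking(store, "bob", 101)
        out["fixed_read"] = "leaked"
    except NotFound:
        out["fixed_read"] = "denied"
    # Attack 2: write. bob edits his own booking 102 but smuggles id=101.
    evil_body = {"id": 101, "note": "pwned"}
    store = make_store()
    update_booking_vulnerable(store, "bob", 102, evil_body)
    out["vuln_write_note_101"] = store[101]["note"]
    store = make_store()
    try:
        update_booking(store, "bob", 102, evil_body)
    except BadRequest:
        pass
    out["fixed_write_note_101"] = store[101]["note"]
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two design points carry over to real code: the ownership predicate belongs inside the lookup (`WHERE id = ? AND owner_id = ?`, or the ORM equivalent), not in a separate check a later handler can forget, and the set of client-writable fields is an explicit allow-list rather than "everything except what we remembered to strip".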
Hierarchy (View 1000)
CVEs mapped to this weakness (1,068)
Page 28 of 54

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-32747 | | Med | 0.35 | 5.4 | 0.00 | | Dec 21, 2023 | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a through 1.15.78. |
| CVE-2023-36520 | | Med | 0.35 | 5.4 | 0.00 | | Dec 20, 2023 | Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar. This issue affects Editorial Calendar: from n/a through 3.7.12. |
| CVE-2023-38513 | | Med | 0.35 | 5.4 | 0.00 | | Dec 20, 2023 | Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom). This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through 6.2.5. |
| CVE-2023-5544 | | Med | 0.35 | 6.5 | 0.01 | | Nov 9, 2023 | Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. |
| CVE-2023-38201 | | Med | 0.35 | 6.5 | 0.00 | | Aug 25, 2023 | A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier… |
| CVE-2023-1889 | | Med | 0.35 | 6.5 | 0.01 | | Jun 9, 2023 | The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers,… |
| CVE-2023-28109 | | Med | 0.35 | 6.5 | 0.01 | | Mar 16, 2023 | Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use `play-with-docker.com` as an example and set the origin header in an http request as… |
| CVE-2022-4812 | — | Med | 0.35 | 6.5 | 0.01 | | Dec 28, 2022 | Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. |
| CVE-2022-4799 | — | Med | 0.35 | 6.5 | 0.01 | | Dec 28, 2022 | Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. |
| CVE-2022-3794 | | Med | 0.35 | 5.4 | 0.01 | | Dec 22, 2022 | The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX actions in versions up to, and including, 2.5.6. Authenticated users can use an easily available nonce value to create header templates and make additional changes to the site, as… |
| CVE-2022-0731 | | Med | 0.35 | 6.5 | 0.01 | | Feb 23, 2022 | Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0. |
| CVE-2022-0613 | — | Med | 0.35 | 6.5 | 0.02 | | Feb 16, 2022 | Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8. |
| CVE-2021-3992 | — | Med | 0.35 | 6.5 | 0.01 | | Dec 1, 2021 | kimai2 is vulnerable to Improper Access Control. |
| CVE-2021-37709 | — | Med | 0.35 | 6.5 | 0.01 | | Aug 16, 2021 | Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3,… |
| CVE-2021-24374 | — | Med | 0.35 | 5.3 | 0.01 | | Jun 21, 2021 | The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the… |
| CVE-2021-21022 | | Med | 0.35 | 5.3 | 0.02 | | Feb 11, 2021 | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources. |
| CVE-2018-10211 | — | Med | 0.35 | 5.3 | 0.01 | | Apr 25, 2018 | An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultize_session_id" value in a cookie. |
| CVE-2026-53911 | | Med | 0.34 | — | 0.00 | | Jun 11, 2026 | Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit… |
| CVE-2023-40200 | | Med | 0.34 | 5.3 | 0.00 | | Jun 11, 2026 | Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from… |
| CVE-2026-8839 | | Med | 0.34 | 5.3 | 0.01 | | Jun 6, 2026 | The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership verification in the REST API routes registered via… |