CWE-639
Authorization Bypass Through User-Controlled Key
BaseIncompleteLikelihood: High
Description
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Hierarchy (View 1000)
CVEs mapped to this weakness (680)
page 28 of 34| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-11321 | Med | 0.28 | 4.3 | 0.00 | Oct 6, 2025 | A vulnerability was detected in zhuimengshaonian wisdom-education up to 1.0.4. The affected element is an unknown function of the file src/main/java/com/education/api/controller/student/WrongBookController.java. Performing manipulation of the argument subjectId results in authorization bypass. The attack can be initiated remotely. The exploit is now public and may be used. | |
| CVE-2025-59687 | Med | 0.28 | 4.3 | 0.00 | Oct 1, 2025 | IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization. | |
| CVE-2025-10719 | Med | 0.28 | 4.3 | 0.00 | Sep 19, 2025 | Tronclass developed by WisdomGarden has an Insecure Direct object Reference vulnerability, allowing remote attackers with regular privilege to modify a specific parameter to access other users' files. | |
| CVE-2025-58597 | Med | 0.28 | 4.3 | 0.00 | Sep 3, 2025 | Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpForo Forum: from n/a through <= 2.4.6. | |
| CVE-2025-9836 | Med | 0.28 | 4.3 | 0.00 | Sep 2, 2025 | A vulnerability was found in macrozheng mall up to 1.0.3. This vulnerability affects the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderId results in authorization bypass. The attack can be launched remotely. The exploit has been made public and could be used. | |
| CVE-2025-9835 | Med | 0.28 | 4.3 | 0.00 | Sep 2, 2025 | A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-9263 | Med | 0.28 | 4.3 | 0.00 | Aug 20, 2025 | A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByGroup of the file /src/main/java/com/xxl/job/admin/controller/JobLogController.java. Such manipulation of the argument jobGroup leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-8789 | Med | 0.28 | 4.3 | 0.00 | Aug 10, 2025 | A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been classified as problematic. This affects an unknown part of the file /module/Api/Diario of the component API Endpoint. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2025-50340 | Med | 0.28 | 4.3 | 0.00 | Aug 4, 2025 | An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated user is authorized to use the specified sender identity, resulting in unauthorized message delivery as another user. This can lead to impersonation, phishing, or unauthorized communication within the system. NOTE: this is disputed by the Supplier because the only effective way to prevent this sender spoofing is on the SMTP server, not within a client such as SOGo. | |
| CVE-2025-7938 | Med | 0.28 | 4.3 | 0.00 | Jul 21, 2025 | A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 and classified as critical. This issue affects the function updateGoods of the file GoodsController.java. The manipulation leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-49978 | Med | 0.28 | 4.3 | 0.00 | Jun 20, 2025 | Authorization Bypass Through User-Controlled Key vulnerability in eyecix JobSearch wp-jobsearch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobSearch: from n/a through < 3.0.6. | |
| CVE-2025-1284 | Med | 0.28 | 4.3 | 0.00 | Apr 24, 2025 | The Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1 via the xc_woo_printer_preview AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other user's invoices and orders which can contain sensitive information. | |
| CVE-2025-39434 | Med | 0.28 | 4.3 | 0.00 | Apr 17, 2025 | Authorization Bypass Through User-Controlled Key vulnerability in Scott Taylor Avatar avatar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Avatar: from n/a through <= 0.1.4. | |
| CVE-2025-30777 | Med | 0.28 | 4.3 | 0.00 | Mar 27, 2025 | Authorization Bypass Through User-Controlled Key vulnerability in DevItems Support Genix support-genix-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Support Genix: from n/a through <= 1.4.11. | |
| CVE-2025-27436 | Med | 0.28 | 4.3 | 0.00 | Mar 11, 2025 | The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is legitimate, allowing the attacker to delete the attachment of a posted bank statement. This leads to a low impact on integrity, with no impact on the confidentiality of the data or the availability of the application. | |
| CVE-2025-27433 | Med | 0.28 | 4.3 | 0.00 | Mar 11, 2025 | The Manage Bank Statements in SAP S/4HANA allows authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. This vulnerability has a low impact on the application's integrity, with no effect on confidentiality and availability of the application. | |
| CVE-2025-26660 | Med | 0.28 | 4.3 | 0.00 | Mar 11, 2025 | SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted. | |
| CVE-2024-13832 | Med | 0.28 | 4.3 | 0.00 | Feb 28, 2025 | The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.8 via the 'ut_elementor' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. | |
| CVE-2024-13855 | Med | 0.28 | 4.3 | 0.00 | Feb 20, 2025 | The Prime Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.1 via the pae_global_block shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract information from posts that are not public, including drafts, private, password protected, and restricted posts. This applies to posts created with Elementor only. | |
| CVE-2024-13841 | Med | 0.28 | 4.3 | 0.00 | Feb 7, 2025 | The Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via the 'bse-elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created with Elementor that they should not have access to. |