CWE-639
Authorization Bypass Through User-Controlled Key
BaseIncompleteLikelihood: High
Description
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Hierarchy (View 1000)
CVEs mapped to this weakness (680)
page 29 of 34| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-12046 | Med | 0.28 | 4.3 | 0.00 | Feb 4, 2025 | The Medical Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.2 via the 'namedical_elementor_template' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the content of draft, pending, and private posts. | |
| CVE-2024-13607 | Med | 0.28 | 4.3 | 0.00 | Feb 4, 2025 | The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level permissions and above, to export ticket data for any user. | |
| CVE-2025-22695 | Med | 0.28 | 4.3 | 0.00 | Feb 3, 2025 | Authorization Bypass Through User-Controlled Key vulnerability in NirWp Team Nirweb support nirweb-support.This issue affects Nirweb support: from n/a through <= 3.0.3. | |
| CVE-2024-10775 | Med | 0.28 | 4.3 | 0.00 | Jan 15, 2025 | The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.4.32 via the 'pafe-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | |
| CVE-2024-12116 | Med | 0.28 | 4.3 | 0.00 | Jan 11, 2025 | The Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the 'uta-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | |
| CVE-2024-11915 | Med | 0.28 | 4.3 | 0.00 | Jan 11, 2025 | The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to. | |
| CVE-2024-12472 | Med | 0.28 | 4.3 | 0.00 | Jan 11, 2025 | The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphr_duplicate_post() function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to by duplicating the post. | |
| CVE-2024-10797 | Med | 0.28 | 4.3 | 0.00 | Dec 21, 2024 | The Full Screen Menu for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.7 via the Full Screen Menu Elementor Widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level access and above, to extract data from private or draft posts created with Elementor that they should not have access to. | |
| CVE-2024-55186 | Med | 0.28 | 4.3 | 0.00 | Dec 20, 2024 | An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging to other users. | |
| CVE-2024-10690 | Med | 0.28 | 4.3 | 0.00 | Dec 14, 2024 | The Shortcodes for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.4 via the 'SHORTCODE_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created with Elementor that they should not have access to. | |
| CVE-2024-12447 | Med | 0.28 | 4.3 | 0.00 | Dec 14, 2024 | The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the content of password-protected, private, draft, and pending posts. | |
| CVE-2024-11275 | Med | 0.28 | 4.3 | 0.00 | Dec 13, 2024 | The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoint in all versions up to, and including, 1.0.27. This makes it possible for authenticated attackers, with Timetics Customer access and above, to delete arbitrary users. | |
| CVE-2024-12306 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2024 | Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level access control issues in profile viewing endpoints. A malicious student user can access personal information of other students and teachers through these vulnerabilities. At the time of publication of the CVE no patch is available. | |
| CVE-2024-12305 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2024 | An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. A malicious student user can view grades of other students by manipulating the student_id parameter in the marks viewing endpoint. The vulnerability exists due to insufficient access control checks in MarkController.php. At the time of publication of the CVE no patch is available. | |
| CVE-2024-10692 | Med | 0.28 | 4.3 | 0.00 | Dec 6, 2024 | The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. | |
| CVE-2024-10689 | Med | 0.28 | 4.3 | 0.00 | Dec 6, 2024 | The XLTab – Accordions and Tabs for Elementor Page Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4 via the 'XLTAB_INSERT_TPL' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | |
| CVE-2024-10777 | Med | 0.28 | 4.3 | 0.00 | Dec 5, 2024 | The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the 'INSERT_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | |
| CVE-2024-12099 | Med | 0.28 | 4.3 | 0.00 | Dec 4, 2024 | The Dollie Hub – Build Your Own WordPress Cloud Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.2.0 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. | |
| CVE-2024-12062 | Med | 0.28 | 4.3 | 0.00 | Dec 3, 2024 | The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.3 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | |
| CVE-2024-10868 | Med | 0.28 | 4.3 | 0.00 | Nov 23, 2024 | The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.9 via the Advanced Tabs widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. |