VYPR

CWE-639

Authorization Bypass Through User-Controlled Key

BaseIncompleteLikelihood: High

Description

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Hierarchy (View 1000)

Parents

Children

CVEs mapped to this weakness (1,068)

page 38 of 54
  • CVE-2012-5571MedDec 18, 2012
    risk 0.28cvss 5.4epss 0.02

    A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from…

  • CVE-2026-43917MedMay 29, 2026
    risk 0.27cvss epss 0.00

    Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scoping. Each endpoint must individually verify the resource's org matches the…

  • CVE-2026-7651MedMay 28, 2026
    risk 0.27cvss 5.3epss 0.00

    The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.5. This is…

  • CVE-2026-8337MedMay 21, 2026
    risk 0.27cvss 5.3epss 0.00

    Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the…

  • CVE-2026-8204MedMay 21, 2026
    risk 0.27cvss 5.3epss 0.00

    Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Concrete CMS security team gave this…

  • CVE-2026-33052MedMay 19, 2026
    risk 0.27cvss epss 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "add_profile_threshold" permission to create a global profile despite not having manage_global_profile_threshold, by tampering with…

  • CVE-2026-44718MedMay 15, 2026
    risk 0.27cvss epss 0.00

    Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an exploration_id without verifying that the requesting user was a…

  • CVE-2026-42572MedMay 14, 2026
    risk 0.27cvss 5.3epss 0.00

    Hatchet is a platform for orchestrating background tasks, AI agents, and durable workflows at scale. Prior to 0.83.39, a missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user…

  • CVE-2026-6206MedMay 14, 2026
    risk 0.27cvss 5.3epss 0.00

    The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the _get_post_property_from_querystring() function due to insufficient restrictions on which posts can be included. This makes it possible for…

  • CVE-2026-45002MedMay 11, 2026
    risk 0.27cvss 5.3epss 0.00

    OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the hooks.allowRequestSessionKey opt-in restriction. Attackers can render externally influenced session keys through templated hook mappings to bypass webhook routing…

  • CVE-2026-2729MedMay 5, 2026
    risk 0.27cvss 5.3epss 0.00

    The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not properly verifying that a user is authorized to perform an action when processing attacker-supplied Stripe PaymentIntent…

  • CVE-2026-7702MedMay 3, 2026
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to…

  • CVE-2026-2028MedApr 24, 2026
    risk 0.27cvss 5.3epss 0.00

    The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxi_remove_custom_image_size' AJAX action in all versions up to, and including, 2.1.8. This makes it possible for authenticated…

  • CVE-2026-5234MedApr 17, 2026
    risk 0.27cvss 5.3epss 0.01

    The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.3.2. The vulnerability exists because the OsStripeConnectController::create_payment_intent_for_transaction action is registered as a public action (no…

  • CVE-2026-4160MedApr 16, 2026
    risk 0.27cvss 5.3epss 0.00

    The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference via the 'submission_id' parameter in versions up to, and including, 6.1.21. This is due to missing authorization…

  • CVE-2025-13822MedApr 14, 2026
    risk 0.27cvss 5.3epss 0.00

    MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges.

  • CVE-2026-4654MedApr 8, 2026
    risk 0.27cvss 5.3epss 0.00

    The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpas_get_ticket_replies_ajax() function failing to verify whether the authenticated user…

  • CVE-2026-5167MedApr 8, 2026
    risk 0.27cvss 5.3epss 0.00

    The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the…

  • CVE-2026-33759MedMar 27, 2026
    risk 0.27cvss 5.3epss 0.00

    WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/playlistsVideos.json.php` endpoint returns the full video contents of any playlist by ID without any authentication or authorization check. Private playlists (including `watch_later`…

  • CVE-2026-1219MedFeb 19, 2026
    risk 0.27cvss 5.3epss 0.00

    The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 4.0 to 5.10 via the 'load_track_note_ajax' due to missing validation on a user controlled key. This makes it possible for…