VYPR

CWE-639

Authorization Bypass Through User-Controlled Key

Abstraction: Base
Status: Incomplete
Likelihood: High

Description

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
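The pattern behind this weakness, as an added illustration (not code from any of the projects listed on this page): a handler receives a record identifier from the request and uses it to fetch the record, with nothing tying that key to the caller. Two fixes are shown side by side: checking ownership after the lookup, and scoping the lookup itself to the caller so there is no unscoped query to forget the check on. The invoice store, user ids and function names are constructed for the example.

```python
"""CWE-639 on a constructed in-memory record store.
Added example; the Invoice type, the INVOICES table and the two users
are assumptions made for illustration, not data from any real project."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    total_cents: int


# Constructed sample data: two users, each owning one invoice.
INVOICES = {
    1001: Invoice(invoice_id=1001, owner_id=1, total_cents=12_500),
    1002: Invoice(invoice_id=1002, owner_id=2, total_cents=9_900),
}


class Forbidden(Exception):
    """Raised when the caller may not see the requested record."""


def get_invoice_vulnerable(current_user_id: int, requested_id: int) -> Invoice:
    """The weakness: the key comes straight from the request and selects
    the record; the caller's identity never enters the decision."""
    try:
        return INVOICES[requested_id]
    except KeyError:
        raise LookupError(requested_id) from None


def get_invoice_checked(current_user_id: int, requested_id: int) -> Invoice:
    """Fix 1: look the record up, then verify ownership before returning it."""
    invoice = INVOICES.get(requested_id)
    if invoice is None or invoice.owner_id != current_user_id:
        # One error for both "missing" and "not yours", so the key does
        # not become an oracle for which ids exist.
        raise Forbidden(requested_id)
    return invoice


def get_invoice_scoped(current_user_id: int, requested_id: int) -> Invoice:
    """Fix 2: scope the lookup to the caller, the equivalent of
    `WHERE invoice_id = ? AND owner_id = ?` in SQL.  A later code path
    cannot forget the check because no unscoped lookup exists."""
    owned = {inv.invoice_id: inv for inv in INVOICES.values()
             if inv.owner_id == current_user_id}
    invoice = owned.get(requested_id)
    if invoice is None:
        raise Forbidden(requested_id)
    return invoice


def attacker_reads_other_record(lookup) -> bool:
    """Simulate user 2 submitting user 1's invoice id (1001).
    Returns True when the lookup hands over a record user 2 does not own."""
    try:
        invoice = lookup(current_user_id=2, requested_id=1001)
    except Forbidden:
        return False
    return invoice.owner_id != 2


if __name__ == "__main__":
    for fn in (get_invoice_vulnerable, get_invoice_checked, get_invoice_scoped):
        print(f"{fn.__name__}: leaks={attacker_reads_other_record(fn)}")
```

The same shape applies to the WordPress shortcode and REST entries below: a post id or user id arrives in a shortcode attribute or request parameter and is used to load content that the current user would not be allowed to read directly. In WordPress the post-level check is `current_user_can( 'read_post', $post_id )`; for user-scoped REST routes the key should be taken from the authenticated session rather than from a `userID` parameter.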

Hierarchy (View 1000)

Parents

Children

CVEs mapped to this weakness (1,068)

page 43 of 54
  • CVE-2024-10796 | Medium | Nov 21, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    The If-So Dynamic Content Personalization plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.2.1 via the 'ifso-show-post' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for…

  • CVE-2024-10696 | Medium | Nov 21, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    The UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.8 via the show_template…

  • CVE-2024-10794 | Medium | Nov 13, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for…

  • CVE-2024-10688 | Medium | Nov 9, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with…

  • CVE-2024-10667 | Medium | Nov 9, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    The Content Slider Block plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1.5 via the [csb] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with…

  • CVE-2023-7049 | Medium | Aug 16, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the 'cm_fieldshow' shortcode due to missing validation on the 'job_id' user controlled key. This makes it possible for…

  • CVE-2024-6410 | Medium | Jul 10, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.8.9 via the 'pm_upload_image' function due to missing validation on a user controlled key. This makes it…

  • CVE-2024-5942 | Medium | Jun 29, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.0 via the 'content_clone' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with…

  • CVE-2024-5639 | Medium | Jun 21, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'rest_api_change_profile_image' function due to missing validation on a user controlled key. This makes it possible for…

  • CVE-2024-5438 | Medium | Jun 7, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attempt_delete' function due to missing validation on a user controlled key. This makes it possible…

  • CVE-2023-6897 | Medium | Apr 18, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the 'alg_wc_ean_product_meta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated…

  • CVE-2024-0366 | Medium | Feb 5, 2024
    risk 0.21 | cvss 4.3 | epss 0.01

    The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view…

  • CVE-2023-6504 | Medium | Jan 11, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler function in all versions up to, and…

  • CVE-2023-6223 | Medium | Jan 11, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for…

  • CVE-2022-3995 | Medium | Nov 29, 2022
    risk 0.21 | cvss 4.3 | epss 0.01

    The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated…

  • CVE-2026-43883 | Medium | May 11, 2026
    risk 0.20 | cvss 4.2 | epss 0.00

    WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/PayPalYPT/agreementCancel.json.php cancels a PayPal billing agreement using an attacker-supplied agreement parameter without verifying that the authenticated user owns the agreement. A…

  • CVE-2026-35624 | Medium | Apr 9, 2026
    risk 0.20 | cvss 4.2 | epss 0.00

    OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms to bypass allowlist policies and gain unauthorized access to protected Nextcloud…

  • CVE-2026-35617 | Medium | Apr 9, 2026
    risk 0.20 | cvss 4.2 | epss 0.00

    OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by changing or colliding space display names to gain unauthorized access to protected…

  • CVE-2026-4958 | Low | Mar 27, 2026
    risk 0.20 | cvss 3.1 | epss 0.00

    A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.on_connect/ReplayServer.send_data of the file XAgentServer/application/websockets/replayer.py of the component WebSocket Endpoint. Such manipulation of the argument interaction_id…

  • CVE-2026-4549 | Low | Mar 22, 2026
    risk 0.20 | cvss 3.1 | epss 0.00

    A flaw has been found in mickasmt next-saas-stripe-starter 1.0.0. Affected by this issue is the function openCustomerPortal of the file actions/open-customer-portal.ts of the component Stripe API. This manipulation causes authorization bypass. Remote exploitation of the attack…
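The two OpenClaw entries above describe a variant of the same weakness that is worth separating out: the key the policy matches on is a display name that the attacker can set or collide with, rather than the stable identifier the server assigned. The following is an added illustration of that failure and its fix, using constructed rooms, tokens and an allowlist; it is not OpenClaw's code and the names are assumptions.

```python
"""Policy keyed on a mutable name versus a stable token.
Added example with constructed data; the Room type, the tokens, the
room names and the ALLOW_* sets are assumptions for illustration."""

from dataclasses import dataclass


@dataclass
class Room:
    token: str          # stable, server-assigned; the attacker cannot pick it
    display_name: str   # mutable; members can rename their room at will


# Constructed sample: one protected room and one room the attacker controls.
ROOMS = {
    "tok-7f3a": Room(token="tok-7f3a", display_name="Finance"),
    "tok-9c21": Room(token="tok-9c21", display_name="Scratch"),
}

# The weak policy: allow by whatever the room currently calls itself.
ALLOW_BY_NAME = {"Finance"}
# The corrected policy: allow by the identifier the attacker cannot change.
ALLOW_BY_TOKEN = {"tok-7f3a"}


def authorized_by_name(room: Room) -> bool:
    """Weak check: a colliding or renamed room passes."""
    return room.display_name in ALLOW_BY_NAME


def authorized_by_token(room: Room) -> bool:
    """Fixed check: only the room the policy was written for passes."""
    return room.token in ALLOW_BY_TOKEN


def rename(room_token: str, new_name: str) -> None:
    """Any member can rename; nothing stops a name from colliding."""
    ROOMS[room_token].display_name = new_name


def collision_bypass(check) -> bool:
    """Attacker renames their own room to match the protected one.
    Returns True when `check` is fooled by the collision."""
    attacker_room = ROOMS["tok-9c21"]
    before = check(attacker_room)
    rename("tok-9c21", "Finance")
    after = check(attacker_room)
    rename("tok-9c21", "Scratch")   # restore state so runs are repeatable
    return (not before) and after


if __name__ == "__main__":
    print("name-keyed policy bypassed:", collision_bypass(authorized_by_name))
    print("token-keyed policy bypassed:", collision_bypass(authorized_by_token))
```

The design point is the same as for the direct-lookup case: an authorization decision must be keyed on something the requester neither supplies nor can change. Display names, email subjects, filenames and similar human-facing labels are attacker-influenced input and belong in audit logs, not in the allowlist.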