CWE-639
Authorization Bypass Through User-Controlled Key
Abstraction: Base | Status: Incomplete | Likelihood of Exploit: High
Description
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Hierarchy (View 1000)
CVEs mapped to this weakness (680)
page 9 of 34

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-13457 | High | 0.49 | 7.5 | 0.00 | | Jan 10, 2026 | The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the get_token_by_id function due to missing validation on a user-controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Square "ccof" (credit card on file) values and leverage this value to potentially make fraudulent charges on the target site. |
| CVE-2018-25129 | High | 0.49 | 7.5 | 0.00 | | Dec 24, 2025 | SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and pins through unprotected endpoints like Get_Permissions_From_DB.php and Ac10_ReadSortCard. |
| CVE-2025-67909 | High | 0.49 | 7.5 | 0.00 | | Dec 24, 2025 | Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Membership For WooCommerce: from n/a through <= 3.0.3. |
| CVE-2025-13474 | High | 0.49 | 7.5 | 0.00 | | Dec 16, 2025 | Authorization Bypass Through User-Controlled Key vulnerability in Menulux Software Inc. Mobile App allows Exploitation of Trusted Identifiers. This issue affects Mobile App: before 9.5.8. |
| CVE-2025-13124 | High | 0.49 | 7.6 | 0.00 | | Dec 11, 2025 | Authorization Bypass Through User-Controlled Key vulnerability in Netiket Information Technologies Ltd. Co. ApplyLogic allows Exploitation of Trusted Identifiers. This issue affects ApplyLogic: through 01.12.2025. |
| CVE-2025-13003 | High | 0.49 | 7.6 | 0.00 | | Dec 11, 2025 | Authorization Bypass Through User-Controlled Key vulnerability in Aksis Computer Services and Consulting Inc. AxOnboard allows Exploitation of Trusted Identifiers. This issue affects AxOnboard: from 3.2.0 before 3.3.0. |
| CVE-2025-12903 | High | 0.49 | 7.5 | 0.00 | | Nov 12, 2025 | The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaulted_nonce REST API endpoint in all versions up to, and including, 3.2.78. This is due to the endpoint being registered with permission_callback set to __return_true and processing user-supplied token IDs without verifying ownership or authentication. This makes it possible for unauthenticated attackers to retrieve payment method nonces for any stored payment token in the system, which can be used to create fraudulent transactions, charge customer credit cards, or attach payment methods to other subscriptions. |
| CVE-2025-11517 | High | 0.49 | 7.5 | 0.00 | | Oct 18, 2025 | The Event Tickets and Registration plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 5.26.5. This is due to the /wp-json/tribe/tickets/v1/commerce/free/order endpoint not verifying that a ticket type should be free, allowing the user to bypass the payment. This makes it possible for unauthenticated attackers to obtain access to paid tickets without paying for them, causing a loss of revenue for the target. |
| CVE-2025-9902 | High | 0.49 | 7.5 | 0.00 | | Oct 13, 2025 | Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import Export Industry and Trade Co. Ltd. QRMenu allows Privilege Abuse. This issue affects QRMenu: from 1.05.12 before Version dated 05.09.2025. |
| CVE-2025-5261 | High | 0.49 | 7.5 | 0.00 | | Aug 20, 2025 | Authorization Bypass Through User-Controlled Key vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Exploitation of Trusted Identifiers. This issue affects Pik Online: before 3.1.5. |
| CVE-2025-53208 | High | 0.49 | 7.5 | 0.00 | | Aug 20, 2025 | Authorization Bypass Through User-Controlled Key vulnerability in paymayapg Maya Business paymaya-checkout-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Maya Business: from n/a through <= 1.2.0. |
| CVE-2025-51628 | High | 0.49 | 7.5 | 0.00 | | Aug 5, 2025 | Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter. |
| CVE-2025-51869 | High | 0.49 | 7.5 | 0.00 | | Jul 21, 2025 | Insecure Direct Object Reference (IDOR) vulnerability in Liner through 2025-06-03 allows attackers to gain sensitive information via crafted space_id, thread_id, and message_id parameters to the v1/space/{space_id}/thread/{thread_id}/message/{message_id} endpoint. |
| CVE-2025-51868 | High | 0.49 | 7.5 | 0.00 | | Jul 21, 2025 | Insecure Direct Object Reference (IDOR) vulnerability in Dippy (chat.dippy.ai) v2 allows attackers to gain sensitive information via the conversation_id parameter to the conversation_history endpoint. |
| CVE-2025-4129 | High | 0.49 | 7.5 | 0.00 | | Jul 21, 2025 | Authorization Bypass Through User-Controlled Key vulnerability in PAVO Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: before 13.05.2025. |
| CVE-2025-1469 | High | 0.49 | 7.5 | 0.00 | | Jul 21, 2025 | Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers. This issue affects Eyotek: before 11.03.2025. |
| CVE-2025-3091 | High | 0.49 | 7.5 | 0.00 | | Jun 24, 2025 | A low-privileged remote attacker in possession of the second factor for another user can log in as that user without knowledge of the other user's password. |
| CVE-2024-11216 | High | 0.49 | 7.6 | 0.00 | | Mar 5, 2025 | Authorization Bypass Through User-Controlled Key, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in PozitifIK Pik Online allows Account Footprinting, Session Hijacking. This issue affects Pik Online: before 3.1.5. |
| CVE-2025-0352 | High | 0.49 | 7.5 | 0.00 | | Feb 20, 2025 | Rapid Response Monitoring My Security Account App utilizes an API that could be exploited by an attacker to modify request data, potentially causing the API to return information about other users. |
| CVE-2024-39033 | High | 0.49 | 7.5 | 0.00 | | Feb 6, 2025 | In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object Reference (IDOR) in the getuserproperty function allows a user's configuration and PII to be stolen. |