CWE-639: Authorization Bypass Through User-Controlled Key
Yearly Trend and Top Affected Vendors (charts; data not present in the extracted page)
All CWE-639 CVEs (519)
- Dec 18, 2025: This vulnerability allows attackers to bypass authorization controls in RadiusTheme Radius Blocks WordPress plugin by manipulating user-controlled key...
- Dec 18, 2025: This vulnerability in the HUSKY – Products Filter Professional for WooCommerce WordPress plugin allows authenticated attackers with subscriber-level...
- Dec 16, 2025: InvoicePlane versions before commit debb446c are vulnerable to an authorization bypass that allows users to view invoices belonging to other accounts....
- Dec 12, 2025: Nextcloud Server 30.0.0 contains an Insecure Direct Object Reference (IDOR) vulnerability in the /core/preview endpoint. Authenticated users can acces...
- Dec 12, 2025: The Ultra Addons for Contact Form 7 WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Subscriber-level a...
- Dec 12, 2025: This vulnerability allows authenticated users in GroupSession to modify memo fields in Circular notices that should be non-editable due to improper au...
- Dec 11, 2025: This vulnerability allows authenticated GitLab users to access sensitive information from private projects by crafting specific GraphQL queries. It af...
- Dec 10, 2025: This vulnerability allows attackers to bypass authorization mechanisms by manipulating user-controlled keys in DijiDemi software, potentially accessin...
- Dec 9, 2025: This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the ThimPress Thim Elementor Kit WordPress plugin. Attackers can bypass...
- Dec 5, 2025: CVE-2025-66553 is an authorization bypass vulnerability in Nextcloud Tables where authenticated users can view metadata of columns in other tables by ...
- Dec 5, 2025: Nextcloud Tables had an authorization bypass vulnerability where unprivileged users could view which tables were shared with which groups/users and th...
- Dec 5, 2025: This vulnerability allows non-privileged Nextcloud users to modify tags on files they shouldn't have access to through bulk tagging operations. It aff...
- Dec 3, 2025: This vulnerability in the HUSKY – Products Filter Professional for WooCommerce WordPress plugin allows authenticated attackers with subscriber-level...
- Dec 1, 2025: Grav CMS versions before 1.8.0-beta.27 contain an IDOR vulnerability in the admin panel that allows low-privilege users to access sensitive informatio...
- Nov 26, 2025: This IDOR vulnerability in classroomio 0.1.13 allows students to temporarily access admin/teacher endpoints by manipulating course IDs in URLs, leadin...
- Nov 25, 2025: This vulnerability allows unauthenticated attackers to impersonate any WordPress user and inject arbitrary messages into WooCommerce order conversatio...
- Nov 25, 2025: This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to rename files uploaded by other users via the Fronten...
- Nov 21, 2025: The ELEX WordPress HelpDesk plugin has an Insecure Direct Object Reference vulnerability that allows authenticated users with Subscriber-level access ...
- Nov 21, 2025: This vulnerability in the Return Refund and Exchange For WooCommerce WordPress plugin allows authenticated attackers with Subscriber-level access or h...
- Nov 13, 2025: This vulnerability allows authenticated WordPress users with Author-level permissions or higher to replace media files belonging to other users, inclu...
- Nov 12, 2025: This vulnerability allows authenticated WordPress users with author-level permissions or higher to attach arbitrary image files to any location within...
- Nov 12, 2025: This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to delete wishlist items from other users' wishlists. I...
- Nov 8, 2025: The Groups plugin for WordPress has an Insecure Direct Object Reference vulnerability that allows authenticated attackers with Subscriber-level access...
- Oct 22, 2025: This vulnerability allows authenticated WordPress users with subscriber-level access or higher to manipulate other users' time clock entries by exploi...
- Oct 22, 2025: The Flexible Refund and Return Order for WooCommerce WordPress plugin has an authorization flaw that allows authenticated users (even with basic subsc...
- Oct 21, 2025: The Moodle OpenAI Chat Block plugin has an Insecure Direct Object Reference vulnerability that allows authenticated students to impersonate other user...
- Oct 15, 2025: The Quick Featured Images WordPress plugin has an Insecure Direct Object Reference vulnerability that allows authenticated attackers with Author-level...
- Oct 13, 2025: This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal and DXP that allows authenticated users in one virtual i...
- Oct 13, 2025: This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Liferay DXP that allows authenticated users from one virtual instance t...
- Oct 13, 2025: This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal and DXP that allows authenticated users to access other ...
- Oct 1, 2025: IMPAQTR Aurora versions before 1.36 contain an Insecure Direct Object Reference (IDOR) vulnerability that allows authenticated users to access other u...
- Sep 30, 2025: This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal and DXP that allows authenticated users from one virtual...
- Sep 30, 2025: This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner software that allows authenticated users to access con...
- Sep 30, 2025: This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner software. Authenticated users can access planning coun...
- Sep 30, 2025: This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner software that allows authenticated users to access con...
- Sep 30, 2025: This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner software that allows authenticated users to access bas...
- Sep 30, 2025: This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner that allows authenticated users to access calendar det...
- Sep 30, 2025: This IDOR vulnerability in BOLD Workplanner allows authenticated users to access time records details using unauthorized internal identifiers due to i...
- Sep 30, 2025: An Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner allows authenticated users to access basic contract details using unautho...
- Sep 22, 2025: An Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal and DXP allows authenticated users from one virtual instance to add notes t...
- Sep 19, 2025: An insecure direct object reference (IDOR) vulnerability in Liferay's Contacts Center widget allows remote attackers to access contact information the...
- Sep 19, 2025: CVE-2025-10719 is an Insecure Direct Object Reference vulnerability in Tronclass by WisdomGarden that allows authenticated users to access other users...
- Sep 11, 2025: An Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal and DXP allows authenticated users to access workflow definitions by name v...
- Sep 3, 2025: This vulnerability allows attackers to bypass authorization controls in wpForo Forum by manipulating user-controlled keys, potentially accessing unaut...
- Sep 2, 2025: PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability where authenticated users can manipu...
- Aug 4, 2025: An authenticated SOGo Webmail user can send emails impersonating other users by manipulating sender identifiers in email requests. This IDOR vulnerabi...
- Jun 20, 2025: This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the eyecix JobSearch WordPress plugin that allows attackers to bypass a...
- May 2, 2025: The Homey WordPress theme has an Insecure Direct Object Reference vulnerability that allows authenticated attackers with Subscriber-level access or hi...
- Apr 25, 2025: This vulnerability in Moodle allows unauthorized users to access RSS feeds due to insufficient permission checks. Any Moodle instance with RSS feeds e...
- Apr 24, 2025: This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to view other users' invoices and orders containing sen...
About CWE-639
Our database tracks 519 CVEs classified as CWE-639, with 63 rated critical and 165 rated high severity. The average CVSS score for CWE-639 vulnerabilities is 6.6.
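The entries above share one root cause: an object key (invoice ID, file ID, course ID, sender identifier) is taken from the request and used for the lookup or mutation without checking that the authenticated caller is entitled to that particular object. The following is an added illustration, not code from this page or from any product listed on it: a deliberately vulnerable accessor, the ownership-scoped form that fixes it, the same check applied on a delete path, and a small enumeration probe of the kind a tester runs to confirm an IDOR. The in-memory store, record layout and all function names are constructed assumptions.

```python
"""
Illustration of CWE-639 (authorization bypass through a user-controlled key),
the pattern behind the IDOR entries listed on this page, next to the
ownership-scoped lookup that fixes it.  Constructed example: the in-memory
store, record layout and function names are assumptions, not code from any
product named above.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str      # principal that owns the record
    total: float


class Forbidden(Exception):
    """Raised when the caller may not act on the requested object."""


def sample_store() -> Dict[int, Invoice]:
    """Constructed data: two users, sequential IDs (typical of IDOR targets)."""
    return {
        1001: Invoice(1001, "alice", 120.00),
        1002: Invoice(1002, "alice", 80.50),
        1003: Invoice(1003, "bob", 999.99),
    }


def get_invoice_vulnerable(store: Dict[int, Invoice], session_user: str,
                           invoice_id: int) -> Invoice:
    """CWE-639: invoice_id arrives from the request (URL, query string, form
    field) and is used for the lookup as-is.  The caller is authenticated,
    but the returned record is never compared against the caller, so any
    user who can guess or enumerate an ID reads every other user's invoice."""
    if invoice_id not in store:
        raise KeyError(invoice_id)
    return store[invoice_id]


def get_invoice(store: Dict[int, Invoice], session_user: str,
                invoice_id: int) -> Invoice:
    """Hardened form: the lookup is scoped to the authenticated principal.
    A record that belongs to someone else is handled the same way as a
    record that does not exist, so the error does not confirm existence."""
    inv = store.get(invoice_id)
    if inv is None or inv.owner != session_user:
        raise Forbidden(f"{session_user} may not access invoice {invoice_id}")
    return inv


def delete_invoice(store: Dict[int, Invoice], session_user: str,
                   invoice_id: int) -> None:
    """Same check on the write path.  Several entries above are IDORs on
    delete/rename/tag operations: the ownership test must guard every
    operation that takes an object key, not only the read."""
    get_invoice(store, session_user, invoice_id)   # raises Forbidden unless owned
    del store[invoice_id]


def idor_probe(accessor: Callable[..., Invoice], store: Dict[int, Invoice],
               session_user: str, candidate_ids: Iterable[int]) -> List[int]:
    """Tester-style check: call the accessor as session_user across a range
    of IDs and return those that hand back a record the caller does not own."""
    leaked = []
    for cid in candidate_ids:
        try:
            rec = accessor(store, session_user, cid)
        except (Forbidden, KeyError):
            continue
        if rec.owner != session_user:
            leaked.append(cid)
    return leaked


if __name__ == "__main__":
    store = sample_store()
    print("vulnerable:", idor_probe(get_invoice_vulnerable, store, "bob", range(1000, 1010)))
    print("hardened:  ", idor_probe(get_invoice, store, "bob", range(1000, 1010)))
```

Running the probe as `bob` against the vulnerable accessor reports Alice's invoices 1001 and 1002; against the scoped accessor it reports nothing. In a real application the scoping belongs in the query itself (for example a `WHERE owner_id = :session_user` clause, or a repository method that takes the principal as a mandatory argument), so that no call site can forget it. Switching to random or UUID identifiers only makes enumeration harder; an ID that leaks through a share link, a log or another endpoint still grants access unless the ownership check exists.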
External reference: CWE-639 on MITRE CWE: https://cwe.mitre.org/data/definitions/639.html