CWE-639: Authorization Bypass Through User-Controlled Key (IDOR)
1,571 active CVEs are classified under this weakness category, sourced from NVD, GHSA, and vendor advisories. The full definition is on MITRE.
CVEs classified under CWE-639 (page 7 of 32)
- CVE-2022-32277 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-09-06
Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and th…
- CVE-2022-3282 | MEDIUM | CVSS 4.3 | EG 4.3 | 2022-10-17
The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the…
- CVE-2022-33077 | HIGH | CVSS 7.5 | EG 7.5 | 2022-10-19
An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint.
- CVE-2022-3331 | LOW | CVSS 3.5 | EG 4.3 | 2022-10-17
An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure di…
- CVE-2022-3343 | LOW | CVSS 3.5 | EG 3.5 | 2023-01-09
The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer Discy WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing…
- CVE-2022-33944 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-07-20
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs.
- CVE-2022-3413 | MEDIUM | CVSS 4.3 | EG 4.3 | 2022-11-10
Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or M…
- CVE-2022-34138 | HIGH | CVSS 7.5 | EG 7.5 | 2023-02-03
Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information.
- CVE-2022-34150 | HIGH | CVSS 7.1 | EG 5.4 | 2022-07-20
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification.
- CVE-2022-3459 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-09-14
The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all versions up to, and including, 1.2.3. This is due to the plugin not enforcing server-side checks on the products that can be added as a gift. Thi…
- CVE-2022-34621 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-08-19
Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter.
- CVE-2022-34769 | MEDIUM | CVSS 6.3 | EG 5.5 | 2022-08-05
Michlol - rashim web interface: Insecure direct object reference (IDOR). First of all, the attacker needs to log in. After logging into the system, there are some functionalities that the specific user is not allowed to perform. Howe…
- CVE-2022-34770 | MEDIUM | CVSS 4.6 | EG 7.5 | 2022-08-22
Tabit - sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each…
- CVE-2022-34775 | MEDIUM | CVSS 6.3 | EG 7.5 | 2022-08-22
Tabit - Excessive data exposure. Another endpoint mapped by the tiny URL was one for reservation cancellation, containing the MongoDB ID of the reservation and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/ma…
- CVE-2022-3511 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-11-28
The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as a subscriber, to download arbitrary exported …
- CVE-2022-3589 | HIGH | CVSS 8.1 | EG 8.1 | 2022-11-21
An API Endpoint used by Miele's "AppWash" MobileApp in all versions was vulnerable to an authorization bypass. A low privileged, remote attacker would have been able to gain read and partial write access to other users' data by modifying a …
- CVE-2022-36202 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-08-31
Doctor's Appointment System 1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via the id= parameter.
- CVE-2022-36247 | CRITICAL | CVSS 9.1 | EG 9.1 | 2023-05-30
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via controlpanel.shopbeat.co.za.
- CVE-2022-36284 | MEDIUM | CVSS 6.4 | EG 6.5 | 2022-08-05
Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the e…
- CVE-2022-36539 | HIGH | CVSS 7.5 | EG 7.5 | 2022-09-07
WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted calls to gain access to data of other parents and children.
- CVE-2022-36966 | MEDIUM | CVSS 5.4 | EG 5.4 | 2022-10-20
Users with Node Management rights were able to view and edit all nodes due to insufficient control on a URL parameter, causing an insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.
- CVE-2022-3794 | MEDIUM | CVSS 5.4 | EG 4.3 | 2022-12-22
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX actions in versions up to, and including, 2.5.6. Authenticated users can use an easily available nonce value to create header templates and m…
- CVE-2022-3805 | HIGH | CVSS 8.6 | EG 7.5 | 2022-12-22
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obta…
- CVE-2022-3846 | HIGH | CVSS 7.5 | EG 7.5 | 2022-12-05
The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or freelancer) as the notification ID is brute-forceable.
- CVE-2022-3876 | MEDIUM | CVSS 4.3 | EG 6.5 | 2022-12-19
A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This issue affects some unknown processing of the file /api/browserextension/UpdatePassword/ of…
- CVE-2022-38765 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-12-09
Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter.
- CVE-2022-38789 | CRITICAL | CVSS 9.1 | EG 9.1 | 2022-09-15
An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference.
- CVE-2022-3891 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-02-13
The WP FullCalendar WordPress plugin before 1.5 does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary pos…
- CVE-2022-39018 | HIGH | CVSS 8.2 | EG 7.5 | 2022-10-31
Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL.
- CVE-2022-3930 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-12-12
The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of their own.
- CVE-2022-39945 | MEDIUM | CVSS 5.4 | EG 6.5 | 2022-11-02
An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other…
- CVE-2022-3995 | MEDIUM | CVSS 4.3 | EG 4.3 | 2022-11-29
The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. Th…
- CVE-2022-40186 | CRITICAL | CVSS 9.1 | EG 9.1 | 2022-09-22
An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrit…
- CVE-2022-40205 | MEDIUM | CVSS 5.4 | EG 4.3 | 2022-11-08
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.
- CVE-2022-40206 | MEDIUM | CVSS 6.3 | EG 4.3 | 2022-11-08
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.
- CVE-2022-40319 | HIGH | CVSS 7.5 | EG 7.5 | 2023-01-17
The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account.
- CVE-2022-4097 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-12-12
The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more).
- CVE-2022-41479 | HIGH | CVSS 7.5 | EG 7.5 | 2022-10-18
The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) v…
- CVE-2022-42067 | MEDIUM | CVSS 4.3 | EG 4.3 | 2022-10-14
Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability.
- CVE-2022-42129 | MEDIUM | CVSS 4.3 | EG 4.3 | 2022-11-15
An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form …
- CVE-2022-42175 | HIGH | CVSS 8.8 | EG 8.8 | 2023-07-05
Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization.
- CVE-2022-4239 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-12-26
The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreap_addons_service_remove action, allowing any user to…
- CVE-2022-43326 | HIGH | CVSS 7.5 | EG 7.5 | 2022-11-29
An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows attackers to arbitrarily change user and Administrator account passwords.
- CVE-2022-4340 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-01-02
The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in its thank-you page, allowing any visitor to display information about any booking, including full name, date, time an…
- CVE-2022-43450 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-19
Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream. This issue affects Stream: from n/a through 3.9.2.
- CVE-2022-43492 | MEDIUM | CVSS 4.3 | EG 8.8 | 2022-11-18
Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress.
- CVE-2022-44005 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-11-16
An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers' e-mail addresses. Furthermore, it is p…
- CVE-2022-4417 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-01-02
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place…
- CVE-2022-4505 | HIGH | CVSS 8.8 | EG 4.3 | 2022-12-15
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2.
- CVE-2022-45175 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-04-14
An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket endpoint. A malicious unauthenticated user can access cached files in th…