CWE-639 — Authorization Bypass Through User-Controlled Key (IDOR)
1,571 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-639 (page 8 of 32)
- CVE-2022-4550 | HIGH | CVSS 7.5 | EG 7.5 | 2023-02-27
The User Activity WordPress plugin through 1.0.1 checks headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing
- CVE-2022-45927 | HIGH | CVSS 8.8 | EG 8.8 | 2023-01-18
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects …
- CVE-2022-46179 | CRITICAL | CVSS 9.2 | EG 9.2 | 2022-12-28
LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUB_ACTIONS environment variable to anything other than null or true and skip au…
- CVE-2022-4686 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-12-23
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0.
- CVE-2022-4794 | HIGH | CVSS 7.5 | EG 7.5 | 2023-01-30
The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies.
- CVE-2022-4798 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-12-28
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
- CVE-2022-4799 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-12-28
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
- CVE-2022-4802 | MEDIUM | CVSS 5.4 | EG 5.4 | 2022-12-28
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
- CVE-2022-4803 | HIGH | CVSS 8.8 | EG 8.8 | 2022-12-28
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
- CVE-2022-4806 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-12-28
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
- CVE-2022-4811 | HIGH | CVSS 8.3 | EG 8.3 | 2022-12-28
Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos. This issue affects usememos/memos before 0.9.1.
- CVE-2022-4812 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-12-28
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
- CVE-2022-48313 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-04-16
The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.
- CVE-2022-48505 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-06-28
This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system
- CVE-2023-0453 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-02-21
The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users t…
- CVE-2023-0550 | HIGH | CVSS 8.1 | EG 4.3 | 2023-01-27
The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that …
- CVE-2023-0558 | HIGH | CVSS 8.2 | EG 9.8 | 2023-01-27
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers …
- CVE-2023-0688 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-06-09
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_thankyou' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabiliti…
- CVE-2023-0689 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-08-31
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabili…
- CVE-2023-0691 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-06-09
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_last_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilit…
- CVE-2023-0692 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-06-09
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_payment_status' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capa…
- CVE-2023-0693 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-06-09
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_transaction_id' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capa…
- CVE-2023-0694 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-06-09
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or abo…
- CVE-2023-0749 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-03-13
The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as dr…
- CVE-2023-0772 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-03-13
The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbi…
- CVE-2023-0816 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-03-27
The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections.
- CVE-2023-0865 | HIGH | CVSS 8.8 | EG 8.8 | 2023-03-20
The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request, or is from a high privilege users, allo…
- CVE-2023-0882 | HIGH | CVSS 8.8 | EG 8.8 | 2023-02-17
Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16.
- CVE-2023-0967 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-04-05
Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vuln…
- CVE-2023-0985 | HIGH | CVSS 8.8 | EG 8.8 | 2023-06-06
An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any u…
- CVE-2023-1125 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-05-02
The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their own.
- CVE-2023-1129 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-04-24
The WP FEvents Book WordPress plugin through 0.46 does not ensure that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel bookings on behalf of other users.
- CVE-2023-1417 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-04-05
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unre…
- CVE-2023-1462 | HIGH | CVSS 8.8 | EG 8.8 | 2023-03-21
Authorization Bypass Through User-Controlled Key vulnerability in Vadi Corporate Information Systems DigiKent allows Authentication Bypass, Authentication Abuse. This issue affects DigiKent: before 23.03.20.
- CVE-2023-1463 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-03-17
Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.
- CVE-2023-1749 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-04-04
The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could send API requests that the affected devices would execute.
- CVE-2023-1750 | HIGH | CVSS 7.1 | EG 7.1 | 2023-04-04
The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could retrieve device history, set device settings, and retrieve device information.
- CVE-2023-1889 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-06-09
The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it …
- CVE-2023-1911 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-05-02
The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example
- CVE-2023-2065 | HIGH | CVSS 8.8 | EG 8.8 | 2023-05-24
Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo Tracking System allows Authentication Abuse, Authentication Bypass. This issue affects Cargo Tracking System: before 3558f28.
- CVE-2023-21131 | HIGH | CVSS 7.8 | EG 7.8 | 2023-06-15
In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arb…
- CVE-2023-2172 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-08-31
The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeos_update_steps_ajax_handler, badgeos…
- CVE-2023-2173 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-08-31
The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeos_delete_step_ajax_handler, badgeos_…
- CVE-2023-2190 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-07-13
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. It may be possible for users to view new…
- CVE-2023-22471 | LOW | CVSS 3.5 | EG 3.5 | 2023-01-14
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workar…
- CVE-2023-2260 | HIGH | CVSS 8.8 | EG 8.8 | 2023-04-24
Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.
- CVE-2023-2276 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-05-20
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controll…
- CVE-2023-23679 | MEDIUM | CVSS 4.6 | EG 4.6 | 2023-06-23
Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JS Help Desk: from n/a through 2.7.7.
- CVE-2023-24625 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-03-24
Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack.
- CVE-2023-24834 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-03-27
WisdomGarden Tronclass has improper access control when uploading files. An authenticated remote attacker with general user privilege can exploit this vulnerability to access files belonging to other users by modifying the file ID within UR…