Weaknesses of type CWE-639
1,528 results

CVE-2024-37277 | HIGH | WordPress Paid Memberships Pro plugin <= 3.0.4 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.7%
CVE-2024-4537 | HIGH | IDOR vulnerability in Janto Ticketing Software | EPSS 0.7%
CVE-2023-0694 | MEDIUM | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf shortcode | EPSS 0.7%
CVE-2023-0693 | MEDIUM | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_transaction_id' shortcode | EPSS 0.7%
CVE-2022-29434 | MEDIUM | WordPress Spiffy Calendar plugin <= 4.9.0 - Edit/Delete event via IDOR vulnerability | EPSS 0.7%
CVE-2023-36235 | MEDIUM | An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter. | EPSS 0.7%
CVE-2022-2808 | HIGH | IDOR in Prens Student Information System | EPSS 0.7%
CVE-2023-25403 | HIGH | CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username f | EPSS 0.7%
CVE-2022-43450 | MEDIUM | WordPress Stream Plugin <= 3.9.2 is vulnerable to Insecure Direct Object References (IDOR) | EPSS 0.7%
CVE-2023-1417 | MEDIUM | An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.1 | EPSS 0.7%
CVE-2023-0550 | HIGH | Quick Restaurant Menu <= 2.0.2 - Insecure Direct Object Reference | EPSS 0.7%
CVE-2023-6724 | HIGH | IDOR in Simgesel Software's Hearing Tracking System (Barosel) | EPSS 0.6%
CVE-2024-1313 | MEDIUM | Users outside an organization can delete a snapshot with its key | EPSS 0.6%
CVE-2024-45614 | MEDIUM | Header normalization allows for client to clobber proxy set headers in Puma | EPSS 0.6%
CVE-2022-0442 | — | UsersWP < 1.2.3.1 - Subscriber+ User Avatar Override | EPSS 0.6%
CVE-2022-3794 | MEDIUM | Jeg Elementor Kit <= 2.5.6 - Authorization Bypass | EPSS 0.6%
CVE-2024-12880 | HIGH | Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow | EPSS 0.6%
CVE-2022-2730 | MEDIUM | Authorization Bypass Through User-Controlled Key in openemr/openemr | EPSS 0.6%
CVE-2024-10215 | CRITICAL | WPBookit <= 1.6.4 - Unauthenticated Arbitrary User Password Change | EPSS 0.6%
CVE-2023-2958 | CRITICAL | IDOR in ATS Pro | EPSS 0.6%