Weaknesses of type CWE-639

1,528 results
CVE-2024-8428 | HIGH | ForumWP – Forum & Discussion Board Plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover | EPSS 0.5%
CVE-2024-8601 | HIGH | Improper Access Control Vulnerability in TechExcel Back Office Software | EPSS 0.5%
CVE-2024-47047 | HIGH | An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, re | EPSS 0.5%
CVE-2024-10696 | MEDIUM | UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) <= 1.1.8 - Insecure Direct Object Reference to Sensitive Information Exposure via UA_Template Shortcode | EPSS 0.5%
CVE-2023-6824 | MEDIUM | WP Customer Area < 8.2.1 - Subscriber+ Account Address Leak | EPSS 0.5%
CVE-2024-1640 | MEDIUM | Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form <= 2.10.1 - Unauthenticated Insecure Direct Object Reference to Form Submission Alteration | EPSS 0.5%
CVE-2024-1626 | CRITICAL | IDOR Vulnerability in lunary-ai/lunary | EPSS 0.5%
CVE-2026-1496 | CRITICAL | Coverity CLI Authentication Bypass | EPSS 0.5%
CVE-2025-27719 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.5%
CVE-2024-7474 | CRITICAL | IDOR in lunary-ai/lunary | EPSS 0.5%
CVE-2025-31945 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.5%
CVE-2023-48641 | HIGH | Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious u | EPSS 0.5%
CVE-2026-6072 | MEDIUM | Oliver POS <= 2.4.2.6 - Unauthenticated Authorization Bypass Through User-Controlled Key to 'OliverAuth' Header | EPSS 0.5%
CVE-2024-11181 | MEDIUM | Greenshift – animation and page builder blocks <= 9.9.9.3 - Authenticated (Contributor+) Post Disclosure | EPSS 0.5%
CVE-2022-38765 | MEDIUM | Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthor | EPSS 0.5%
CVE-2024-39319 | MEDIUM | aimeos/ai-controller-frontend has IDOR vulnerability in account profile page | EPSS 0.5%
CVE-2023-23679 | MEDIUM | WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.7 is vulnerable to Insecure Direct Object References (IDOR) | EPSS 0.5%
CVE-2025-2526 | HIGH | Streamit <= 4.0.2 - Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover | EPSS 0.5%
CVE-2023-6983 | MEDIUM | Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Meta Disclosure | EPSS 0.5%
CVE-2023-6969 | MEDIUM | User Shortcodes Plus <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via user_meta Shortcode | EPSS 0.5%