Weaknesses of type CWE-639

1,549 results
CVE-2026-54097 | HIGH | File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix | EPSS 0.4%
CVE-2024-33542 | MEDIUM | WordPress Crelly Slider plugin <= 1.4.5 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.4%
CVE-2024-50687 | CRITICAL | SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the devService API | EPSS 0.4%
CVE-2024-5639 | MEDIUM | User Profile Picture <= 2.6.1 - Authenticated (Author+) Insecure Direct Object Reference to Profile Picture Update | EPSS 0.4%
CVE-2024-52507 | LOW | Share information of the Nextcloud Tables app is not limited to affected users | EPSS 0.4%
CVE-2024-9262 | MEDIUM | User Meta – User Profile Builder and User management plugin <= 3.1.1 - Insecure Direct Object Reference to Sensitive Information Exposure | EPSS 0.4%
CVE-2025-49952 | MEDIUM | WordPress Houzez theme <= 4.2.5 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.4%
CVE-2025-12854 | MEDIUM | newbee-mall-plus seckillExecution executeSeckill authorization | EPSS 0.4%
CVE-2024-38447 | HIGH | NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report (that belongs to | EPSS 0.4%
CVE-2021-36865 | LOW | WordPress Quiz And Survey Master plugin <= 7.3.4 - Insecure direct object references (IDOR) vulnerability | EPSS 0.4%
CVE-2026-34046 | HIGH | Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check | EPSS 0.4%
CVE-2022-36966 | MEDIUM | Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6 | EPSS 0.4%
CVE-2025-51628 | HIGH | Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthent | EPSS 0.4%
CVE-2025-26965 | MEDIUM | WordPress Amelia plugin <= 1.2.16 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.4%
CVE-2024-32823 | MEDIUM | WordPress Rate My Post plugin <= 3.4.4 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.4%
CVE-2026-5326 | MEDIUM | SourceCodester Leave Application System User Information index.php authorization | EPSS 0.4%
CVE-2026-9185 | HIGH | 6Storage Rentals <= 2.22.0 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification via 'userId' Parameter | EPSS 0.4%
CVE-2024-11285 | CRITICAL | WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover | EPSS 0.4%
CVE-2025-12903 | HIGH | Payment Plugins Braintree For WooCommerce <= 3.2.78 - Missing Authorization to Payment Token Exposure and Transaction Fraud | EPSS 0.4%
CVE-2023-3998 | MEDIUM | wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Post Rating Increase/Decrease | EPSS 0.4%