CWE-639 vulnerabilities
1565 results

CVE-2025-68997 | MEDIUM | WordPress wpDiscuz plugin <= 7.6.43 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2025-9835 | MEDIUM | macrozheng mall cancelUserOrder cancelOrder authorization | EPSS 0.3%
CVE-2026-6965 | MEDIUM | Tutor LMS <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion via 'course' GET Parameter | EPSS 0.3%
CVE-2026-35584 | MEDIUM | FreeScout has an Unauthenticated IDOR in Open Tracking Endpoint Allows Cross-Conversation Thread Manipulation and Enumeration | EPSS 0.3%
CVE-2026-40043 | HIGH | Pachno 1.0.6 Authentication Bypass via runSwitchUser() | EPSS 0.3%
CVE-2024-12309 | MEDIUM | Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts | EPSS 0.3%
CVE-2026-4630 | MEDIUM | Keycloak: keycloak: unauthorized resource access and data modification via insecure direct object reference | EPSS 0.3%
CVE-2026-34832 | MEDIUM | Scoold: Cross-Account Feedback Deletion (IDOR) | EPSS 0.3%
CVE-2026-35478 | HIGH | InvenTree has Arbitrary API Token Creation | EPSS 0.3%
CVE-2024-12131 | MEDIUM | WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.5 - Authenticated (Subscriber+) Insecure Direct Object Reference | EPSS 0.3%
CVE-2026-28503 | MEDIUM | Tandoor Recipes has Cross-Space IDOR in SyncViewSet.query_synced_folder: missing space scoping on get_object_or_404 | EPSS 0.3%
CVE-2024-10779 | MEDIUM | Cowidgets – Elementor Addons <= 1.2.0 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2024-13832 | MEDIUM | Ultra Addons Lite for Elementor <= 1.1.8 - Authenticated (Contributor+) Restricted Post Disclosure | EPSS 0.3%
CVE-2024-13873 | MEDIUM | WP Job Portal <= 2.2.8 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo Disconnection | EPSS 0.3%
CVE-2026-42456 | MEDIUM | AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (IDOR) | EPSS 0.3%
CVE-2026-6570 | MEDIUM | kodcloud KodExplorer systemMember.class.php initInstall authorization | EPSS 0.3%
CVE-2026-3605 | HIGH | Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service | EPSS 0.3%
CVE-2024-33373 | MEDIUM | An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for | EPSS 0.3%
CVE-2025-13110 | MEDIUM | HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr' | EPSS 0.3%
CVE-2026-54105 | MEDIUM | U.S. GAO EPDS and CBCA EDS user information disclosure | EPSS 0.3%