Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CVEs (1,771)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-8428 1Ultimatemember 1Forumwp Apr 8, 2026 Sep 6, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to...Show more The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the 'user_id' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to change the email address of administrative user accounts which can then be leveraged to reset the administrative users password and gain access to their account.Show less
CVE-2024-1744 1Accordors 1Accord Ors Jun 3, 2026 Sep 6, 2024 9.2 CRITICAL· v4 7.5 HIGH· v3 N/A· v2 Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data. This issue affects Accord ORS: before 7.3.2.1.
CVE-2024-8292 1Plechevandrey 1Wp Recall Sep 12, 2024 Sep 6, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. This is due to to plugin not properly veri...Show more The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. This is due to to plugin not properly verifying a user's identity during new order creation. This makes it possible for unauthenticated attackers to supply any email through the user_email field and update the password for that user during new order creation. This requires the commerce addon to be enabled in order to exploit.Show less
CVE-2024-8123 1Wpextended 1Wp Extended Sep 6, 2024 Sep 4, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicate_post function due to missing validatio...Show more The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicate_post function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate posts written by other authors including admins. This includes the ability to duplicate password-protected posts, which reveals their contents.Show less
CVE-2024-45232 1In2code 1Powermail Aug 30, 2024 Aug 29, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacke...Show more An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the extension. This can only be exploited when the extension is configured to save submitted form data to the database (plugin.tx_powermail.settings.db.enable=1), which however is the default setting of the extension. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0Show less
CVE-2024-40395 1Ptc 1Thingworx Mar 25, 2025 Aug 27, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level.
CVE-2024-43916 1Dylanjkotze 1Zephyr Project Manager Sep 12, 2024 Aug 26, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.102.
CVE-2024-8158 19front 1Lib9p Sep 12, 2024 Aug 25, 2024 8.8 HIGH· v4 6.5 MEDIUM· v3 N/A· v2 A bug in the 9p authentication implementation within lib9p allows an attacker with an existing valid user within the configured auth server to impersonate any other valid filesystem user. This is due to lib9p not proper...Show more A bug in the 9p authentication implementation within lib9p allows an attacker with an existing valid user within the configured auth server to impersonate any other valid filesystem user. This is due to lib9p not properly verifying that the uname given in the Tauth and Tattach 9p messages matches the client UID returned from the factotum authentication handshake. The only filesystem making use of these functions within the base 9front systems is the experimental hjfs disk filesystem, other disk filesystems (cwfs and gefs) are not affected by this bug. This bug was inherited from Plan 9 and is present in all versions of 9front and is remedied fully in commit 9645ae07eb66a59015e3e118d0024790c37400da.Show less
CVE-2024-7848 1Mediajedi 1User Private Files Sep 26, 2024 Aug 22, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpk_upvf_update_doc' due to missing valid...Show more The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpk_upvf_update_doc' due to missing validation on the 'docid' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to gain access to other user's private files.Show less
CVE-2024-43350 - - Aug 19, 2024 Aug 18, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in Propovoice Propovoice CRM.This issue affects Propovoice CRM: from n/a through 1.7.6.4.
CVE-2024-43322 1Zephyr One 1Zephyr Project Manager Feb 11, 2025 Aug 18, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.100.
CVE-2024-43315 - - Aug 19, 2024 Aug 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout.This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1.
CVE-2024-43288 1Gvectors 1Wpforo Forum Feb 6, 2025 Aug 18, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4.
CVE-2024-43266 1Wpjobportal 1Wp Job Portal Apr 23, 2026 Aug 18, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal.This issue affects WP Job Portal: from n/a through <= 2.1.8.
CVE-2024-43239 1Masteriyo 1Masteriyo Apr 23, 2026 Aug 18, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.11.4.
CVE-2024-42464 1Upkeeper 1Upkeeper Manager Aug 28, 2024 Aug 16, 2024 7.6 HIGH· v4 6.5 MEDIUM· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Mana...Show more Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9.Show less
CVE-2024-42463 1Upkeeper 1Upkeeper Manager Aug 28, 2024 Aug 16, 2024 8.6 HIGH· v4 6.5 MEDIUM· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Mana...Show more Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9.Show less
CVE-2023-7049 - - Aug 19, 2024 Aug 16, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the the 'cm_fieldshow' shortcode due to missing validation on the '...Show more The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the the 'cm_fieldshow' shortcode due to missing validation on the 'job_id' user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to expose potentially sensitive post metadata.Show less
CVE-2024-27730 1Friendica 1Friendica Jun 4, 2025 Aug 15, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature.
CVE-2024-6534 1Monospace 1Directus May 19, 2025 Aug 15, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'PO...Show more Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with CVE-2024-6533, it could result in account takeover.Show less

Previous 1...565758...89 Next