CWE-639

1,771 CVEs • Abstraction: Base • Likelihood of Exploit: High

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.


CVEs (1,771)

Each record lists vendor, product, the dates the entry was last updated and first published, the CVSS v4 / v3 / v2 scores, and the CVE description.

Vendor: Blazzdev | Product: Rate My Post | Updated: Apr 28, 2026 | Published: Apr 24, 2024 | CVSS: v4 N/A, v3 5.3 MEDIUM, v2 N/A
Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post – WP Rating System. This issue affects Rate my Post – WP Rating System: from n/a through 3.4.4.

Vendor: Metagauss | Product: Profilegrid | Updated: Apr 28, 2026 | Published: Apr 24, 2024 | CVSS: v4 N/A, v3 8.8 HIGH, v2 N/A
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.9.

Vendor: Metagauss | Product: Profilegrid | Updated: Apr 28, 2026 | Published: Apr 24, 2024 | CVSS: v4 N/A, v3 8.8 HIGH, v2 N/A
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.9.

Vendor: Webidsupport | Product: Webid | Updated: Jun 3, 2025 | Published: Apr 19, 2024 | CVSS: v4 N/A, v3 8.8 HIGH, v2 N/A
Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended (horizontal privilege escalation).

Vendor: Wpmet | Product: Wp Ultimate Review | Updated: Apr 28, 2026 | Published: Apr 19, 2024 | CVSS: v4 N/A, v3 7.5 HIGH, v2 N/A
Authorization Bypass Through User-Controlled Key vulnerability in Wpmet Wp Ultimate Review. This issue affects Wp Ultimate Review: from n/a through 2.2.5.

Vendor: Wpfactory | Product: Ean For Woocommerce | Updated: Apr 8, 2026 | Published: Apr 18, 2024 | CVSS: v4 N/A, v3 4.3 MEDIUM, v2 N/A
The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the 'alg_wc_ean_product_meta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to expose potentially sensitive post metadata.

Vendor: - | Product: - | Updated: Apr 28, 2026 | Published: Apr 18, 2024 | CVSS: v4 N/A, v3 4.3 MEDIUM, v2 N/A
Authorization Bypass Through User-Controlled Key vulnerability in Plechev Andrey WP-Recall. This issue affects WP-Recall: from n/a through 16.26.5.

Vendor: Lunary | Product: Lunary | Updated: Jan 31, 2025 | Published: Apr 16, 2024 | CVSS: v4 N/A, v3 8.1 HIGH, v2 N/A
An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization checks, by directly referencing the project's ID in the PATCH request to the '/v1/projects/:projectId' endpoint. This issue arises because the endpoint does not verify if the provided project ID belongs to the currently authenticated user, enabling unauthorized modifications across different organizational projects.

Vendor: Combodo | Product: Itop | Updated: Feb 6, 2025 | Published: Apr 15, 2024 | CVSS: v4 N/A, v3 5.4 MEDIUM, v2 N/A
iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. In other words, by forging an http request, the user can create objects pointing to out of silo objects (for example a UserRequest in an out of scope Organization). Fixed in iTop 2.7.10, 3.0.4, 3.1.1, and 3.2.0.

Vendor: - | Product: - | Updated: Nov 21, 2024 | Published: Apr 15, 2024 | CVSS: v4 N/A, v3 6.9 MEDIUM, v2 N/A
A potential security vulnerability has been identified in HPE FlexFabric and FlexNetwork series products. This vulnerability could be exploited to gain privileged access to switches resulting in information disclosure.

Vendor: Zkteco | Product: Biotime | Updated: Apr 18, 2025 | Published: Apr 11, 2024 | CVSS: v4 N/A, v3 6.5 MEDIUM, v2 N/A
An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component.

Vendor: Lunary | Product: Lunary | Updated: Jan 30, 2025 | Published: Apr 10, 2024 | CVSS: v4 N/A, v3 6.5 MEDIUM, v2 N/A
An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, where the endpoint fails to verify if the project ID provided in the request belongs to the requesting user's organization. As a result, an attacker can delete projects belonging to any organization by sending a crafted DELETE request with the target project's ID. This issue affects the project deletion functionality implemented in the projects.delete route.

Vendor: Permalink Manager Lite Project | Product: Permalink Manager Lite | Updated: Apr 8, 2026 | Published: Apr 9, 2024 | CVSS: v4 N/A, v3 4.3 MEDIUM, v2 N/A
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts.

Vendor: - | Product: - | Updated: Apr 8, 2026 | Published: Apr 9, 2024 | CVSS: v4 N/A, v3 4.3 MEDIUM, v2 N/A
The Event Tickets and Registration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.8.2 via the RSVP functionality. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including emails and street addresses.

Vendor: Thimpress | Product: Learnpress | Updated: Apr 8, 2026 | Published: Apr 9, 2024 | CVSS: v4 N/A, v3 5.4 MEDIUM, v2 N/A
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to obtain information on orders placed by other users and guests, which can be leveraged to sign up for paid courses that were purchased by guests. Emails of other users are also exposed.

Vendor: Kibokolabs | Product: Watu Quiz | Updated: Apr 8, 2026 | Published: Apr 9, 2024 | CVSS: v4 N/A, v3 4.3 MEDIUM, v2 N/A
The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta data which can include session tokens and user emails.

Vendor: Lg | Product: Webos | Updated: Feb 7, 2025 | Published: Apr 9, 2024 | CVSS: v4 N/A, v3 9.8 CRITICAL, v2 N/A
A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA; webOS 5.5.0 - 04.50.51 running on OLED55CXPUA; webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB; webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA.

Vendor: Gnu | Product: Savane | Updated: Sep 2, 2025 | Published: Apr 8, 2024 | CVSS: v4 N/A, v3 7.5 HIGH, v2 N/A
Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function.

Vendor: Totolink | Product: Ex200 Firmware | Updated: Jun 17, 2025 | Published: Apr 8, 2024 | CVSS: v4 N/A, v3 9.1 CRITICAL, v2 N/A
In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh.

Vendor: Reputeinfosystems | Product: Bookingpress | Updated: Apr 28, 2026 | Published: Apr 7, 2024 | CVSS: v4 N/A, v3 5.4 MEDIUM, v2 N/A
Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress. This issue affects BookingPress: from n/a through 1.0.81.