Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CVEs (1,771)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-0580 1Idmsistemas 1Sinergia Nov 21, 2024 Jan 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. This vulnerability allows an attacker to extract sensitive information from the API by making a request to the param...Show more Omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. This vulnerability allows an attacker to extract sensitive information from the API by making a request to the parameter '/qsige.locator/quotePrevious/centers/X', where X supports values 1,2,3, etc.Show less
CVE-2023-7031 1Avaya 1Aura Experience Portal Nov 21, 2024 Jan 17, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions inclu...Show more Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support.Show less
CVE-2023-36235 1Webkul 1Qloapps Jun 10, 2025 Jan 17, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter.
CVE-2023-6824 1Marvinlabs 1Wp Customer Area Jun 11, 2025 Jan 16, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities in some of its AJAX actions, allowing any users to retrieve other user's account address.
CVE-2024-22206 1Clerk 1Javascript Nov 21, 2024 Jan 12, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3...Show more Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3. Show less
CVE-2023-6875 1Wpexperts 1Post Smtp Apr 8, 2026 Jan 11, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on...Show more The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover. CVE-2023-52233 appears to be a duplicate of this issue.Show less
CVE-2023-6504 1Cozmoslabs 1Profile Builder Apr 8, 2026 Jan 11, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_userm...Show more The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler function in all versions up to, and including, 3.10.7. This makes it possible for authenticated attackers, with contributor-level access and above, to expose sensitive information within user metadata.Show less
CVE-2023-6506 1Wpwhitesecurity 1Wp 2fa Apr 8, 2026 Jan 11, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing valid...Show more The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user controlled key. This makes it possible for subscriber-level attackers to email arbitrary users on the site.Show less
CVE-2023-6223 1Thimpress 1Learnpress Apr 8, 2026 Jan 11, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'use...Show more The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve the details of another user's course progress.Show less
CVE-2023-6630 1Rocklobster 1Contact Form 7 Apr 8, 2026 Jan 11, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortco...Show more The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key. This makes it possible for authenticated attackers with contributor access or higher to access arbitrary metadata of any post type, referencing the post by id and the meta by key.Show less
CVE-2023-48783 1Fortinet 1Fortiportal Nov 21, 2024 Jan 10, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote aut...Show more An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests.Show less
CVE-2023-49251 1Siemens 1Simatic Cn 4100 Firmware Dec 16, 2025 Jan 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application allows an attacker to add their own login credentials to the device....Show more A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application allows an attacker to add their own login credentials to the device. This allows an attacker to remotely login as root and take control of the device even after the affected device is fully set up.Show less
CVE-2024-0264 1Oretnom23 1Clinic Queuing System Nov 21, 2024 Jan 7, 2024 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formTo...Show more A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formToken leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249820.Show less
CVE-2023-51502 1Automattic 1Woocommerce Stripe Apr 28, 2026 Jan 5, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1.
CVE-2023-50342 1Hcltech 1Dryice Myxalytics Jun 3, 2025 Jan 3, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. A user can obtain certain details about another user as a result of improper access control.
CVE-2023-45893 1Floorsightsoftware 1Customer Portal Nov 21, 2024 Jan 2, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information.
CVE-2023-45892 1Floorsightsoftware 1Insight May 13, 2025 Jan 2, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information.
CVE-2023-51503 1Automattic 1Woopayments Apr 28, 2026 Dec 31, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Support...Show more Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2.Show less
CVE-2023-50267 1Metersphere 1Metersphere Nov 21, 2024 Dec 28, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, the authenticated attackers can update resources which don't belong to him if the resource ID is known. This issue if fixed in 2.10...Show more MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, the authenticated attackers can update resources which don't belong to him if the resource ID is known. This issue if fixed in 2.10.10-lts. There are no known workarounds.Show less
CVE-2023-46646 1Github 1Enterprise Server Dec 16, 2024 Dec 21, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access...Show more Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7 3.10.4, and 3.11.0.Show less

Previous 1...646566...89 Next