
CWE-639 (Authorization Bypass Through User-Controlled Key) — Vulnerability Class 1038

1038 vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key). AI-generated Chinese analysis included.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-6969 | User Shortcodes Plus <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via user_meta Shortcode | User Shortcodes Plus | 4.3 | Medium | 2024-03-13 |
| CVE-2024-1640 | Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form <= 2.10.1 - Unauthenticated Insecure Direct Object Reference to Form Submission Alteration | Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | 5.3 | Medium | 2024-03-13 |
| CVE-2024-0839 | FeedWordPress <= 2022.0222 - Insecure Direct Object Reference | FeedWordPress | 5.3 | Medium | 2024-03-13 |
| CVE-2024-23112 | Fortinet FortiOS and FortiProxy security vulnerability | FortiOS | 7.2 | High | 2024-03-12 |
| CVE-2024-27302 | Authorization Bypass Through User-Controlled Key in go-zero | go-zero | 9.1 | Critical | 2024-03-06 |
| CVE-2024-1470 | Elevation of Privilege attack on NetIQ Client login extension | NetIQ Client Login Extension | 7.1 | High | 2024-02-20 |
| CVE-2024-25983 | MSA-24-0006: IDOR on dashboard comments block | | 3.5 | Low | 2024-02-19 |
| CVE-2024-22455 | Dell E-Lab Navigator security vulnerability | Mobility - E-Lab Navigator | 4.4 | Medium | 2024-02-14 |
| CVE-2023-6724 | IDOR in Simgesel Software's Hearing Tracking System (Barosel) | Hearing Tracking System | 8.8 | High | 2024-02-09 |
| CVE-2023-6515 | IDOR in Mia Technology's Mia-Med | MİA-MED | 8.8 | High | 2024-02-08 |
| CVE-2024-1075 | Minimal Coming Soon – Coming Soon Page <= 2.37 - Unauthenticated Maintenance Mode Bypass | Minimal Coming Soon – Coming Soon Page | 3.7 | Low | 2024-02-05 |
| CVE-2023-6983 | Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Meta Disclosure | Display custom fields in the frontend – Post and User Profile Fields | 4.3 | Medium | 2024-02-05 |
| CVE-2024-22305 | WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.36 is vulnerable to Insecure Direct Object References (IDOR) | Contact Form builder with drag & drop for WordPress – Kali Forms | 7.5 | High | 2024-01-31 |
| CVE-2024-0580 | Omission of key-controlled authorization in Qsige | Sinergia, Sinergia 2.0, and Sinergia Corporativo | 6.5 | Medium | 2024-01-18 |
| CVE-2023-6504 | Profile Builder <= 3.10.7 - Insecure Direct Object Reference to Sensitive Information Exposure via user_meta Shortcode | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | 4.3 | Medium | 2024-01-11 |
| CVE-2023-6875 | POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Authorization Bypass via type connect-app API | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | 9.8 | Critical | 2024-01-11 |
| CVE-2023-6506 | WP 2FA <= 2.5.0 - Insecure Direct Object Reference to Arbitrary Email Sending | WP 2FA – Two-factor authentication for WordPress | 4.3 | Medium | 2024-01-11 |
| CVE-2023-6223 | LearnPress <= 4.2.5.7 - Insecure Direct Object Reference to Information Disclosure | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 4.3 | Medium | 2024-01-11 |
| CVE-2023-48783 | Fortinet FortiPortal security vulnerability | FortiPortal | 4.9 | Medium | 2024-01-10 |
| CVE-2023-49251 | Siemens SIMATIC CN 4100 security vulnerability | SIMATIC CN 4100 | 8.8 | High | 2024-01-09 |
| CVE-2024-0264 | SourceCodester Clinic Queuing System LoginRegistration.php authorization | Clinic Queuing System | 7.3 | High | 2024-01-07 |
| CVE-2023-51502 | WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.6.1 is vulnerable to Insecure Direct Object References (IDOR) | WooCommerce Stripe Payment Gateway | 7.5 | High | 2024-01-05 |
| CVE-2023-51503 | WordPress WooCommerce Payments Plugin <= 6.6.2 is vulnerable to Insecure Direct Object References (IDOR) | WooPayments – Fully Integrated Solution Built and Supported by Woo | 5.9 | Medium | 2023-12-31 |
| CVE-2023-46646 | GitHub Enterprise Server security vulnerability | Enterprise Server | 5.3 | Medium | 2023-12-21 |
| CVE-2023-49765 | WordPress Rate my Post – WP Rating System Plugin <= 3.4.1 is vulnerable to Insecure Direct Object References (IDOR) | Rate my Post – WP Rating System | 4.3 | Medium | 2023-12-21 |
| CVE-2023-47191 | WordPress Youzify Plugin <= 1.2.2 is vulnerable to Insecure Direct Object References (IDOR) | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | 6.5 | Medium | 2023-12-21 |
| CVE-2023-32799 | WordPress WooCommerce Ship to Multiple Addresses Plugin <= 3.8.3 is vulnerable to Insecure Direct Object References (IDOR) | Shipping Multiple Addresses | 6.5 | Medium | 2023-12-21 |
| CVE-2023-32747 | WordPress WooCommerce Bookings Plugin <= 1.15.78 is vulnerable to Insecure Direct Object References (IDOR) | WooCommerce Bookings | 5.4 | Medium | 2023-12-21 |
| CVE-2023-35914 | WordPress WooCommerce Subscriptions Plugin <= 5.1.2 is vulnerable to Insecure Direct Object References (IDOR) | Woo Subscriptions | 7.5 | High | 2023-12-20 |
| CVE-2023-35916 | WordPress WooCommerce Payments Plugin <= 5.9.0 is vulnerable to Insecure Direct Object References (IDOR) | WooPayments – Fully Integrated Solution Built and Supported by Woo | 7.5 | High | 2023-12-20 |

Vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key) account for 1038 CVEs. The CWE entry describes the weakness in general terms; review the individual CVEs for product-specific impact.