CWE-639 (通过用户控制密钥绕过授权机制) — Vulnerability Class 1033

1033 vulnerabilities classified as CWE-639 (通过用户控制密钥绕过授权机制). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-24991	WordPress Extensions For CF7 plugin <= 3.4.0 - Insecure Direct Object References (IDOR) vulnerability — Extensions For CF7	8.1^AI	High^AI	2026-02-03
CVE-2026-1664	Insecure Direct Object Reference (IDOR) via Header-Based Email Routing	7.5^AI	High^AI	2026-02-03
CVE-2026-1375	Tutor LMS <= 3.9.5 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion — Tutor LMS – eLearning and online course solution	8.1	High	2026-02-03
CVE-2026-0909	WP ULike <= 4.8.3.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Log Deletion via 'id' Parameter — WP ULike – Like & Dislike Buttons for Engagement and Feedback	5.3	Medium	2026-02-03
CVE-2025-69207	Khoj has an IDOR in Notion OAuth Flow Enables Index Poisoning — khoj	5.4	Medium	2026-02-02
CVE-2026-1251	SupportCandy – Helpdesk & Customer Support Ticket System <= 3.4.4 - Authenticated (Subscriber+) Insecure Direct Object Reference — SupportCandy – Helpdesk & Customer Support Ticket System	5.4	Medium	2026-01-31
CVE-2025-36365	IBM Db2 Privilege Escalation — Db2 for Linux, UNIX and Windows	6.8	Medium	2026-01-30
CVE-2020-37008	EasyPMS 1.0.0 - Authentication Bypass — EasyPMS	7.5	High	2026-01-29
CVE-2025-7013	IDOR in QRMenumPro's Menu Panel — Menu Panel	5.7	Medium	2026-01-29
CVE-2026-1389	Document Embedder <= 2.0.4 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Document Library Entry Deletion — Document Embedder – Embed PDFs, Word, Excel, and Other Files	4.3	Medium	2026-01-28
CVE-2026-24134	StudioCMS has an Authorization Bypass Through User-Controlled Key — studiocms	6.5	Medium	2026-01-27
CVE-2026-1213	Askbot 0.12.2 - Insecure Direct Object Reference (IDOR) — askbot	4.3^AI	Medium^AI	2026-01-27
CVE-2025-14459	Virt-cdi-controller: unauthorized pvc cloning via dataimportcron — RHEL-9-CNV-4.19	8.5	High	2026-01-26
CVE-2025-9520	IDOR Leading to Owner Account Hijacking in Omada Controller — Omada Controller	6.5^AI	Medium^AI	2026-01-26
CVE-2026-24136	Saleor has an Insecure Direct Object Reference (IDOR) in GraphQL API — saleor	7.5	-	2026-01-23
CVE-2026-24634	WordPress Ultimate Reviews plugin <= 3.2.16 - Insecure Direct Object References (IDOR) vulnerability — Ultimate Reviews	8.1	-	2026-01-23
CVE-2026-24631	WordPress Rosebud theme <= 1.4 - Insecure Direct Object References (IDOR) vulnerability — Rosebud	5.4	Medium	2026-01-23
CVE-2026-24599	WordPress NextMove Lite plugin <= 2.23.0 - Insecure Direct Object References (IDOR) vulnerability — NextMove Lite	9.1	-	2026-01-23
CVE-2026-1201	Authorization Bypass Through User-Controlled Key in Hubitat Elevation Hubs — Elevation C3	9.9^AI	Critical^AI	2026-01-22
CVE-2026-24379	WordPress WP Job Portal plugin <= 2.4.3 - Insecure Direct Object References (IDOR) vulnerability — WP Job Portal	4.3	Medium	2026-01-22
CVE-2026-22426	WordPress Sweet Jane theme <= 1.2 - Insecure Direct Object References (IDOR) vulnerability — Sweet Jane	5.4	Medium	2026-01-22
CVE-2026-22430	WordPress Verdure theme <= 1.6 - Insecure Direct Object References (IDOR) vulnerability — Verdure	5.4	Medium	2026-01-22
CVE-2026-22407	WordPress Roam theme <= 2.1.1 - Insecure Direct Object References (IDOR) vulnerability — Roam	5.4	Low	2026-01-22
CVE-2026-22406	WordPress Overton theme <= 1.3 - Insecure Direct Object References (IDOR) vulnerability — Overton	5.4	Low	2026-01-22
CVE-2026-22409	WordPress Justicia theme <= 1.2 - Insecure Direct Object References (IDOR) vulnerability — Justicia	5.4	Low	2026-01-22
CVE-2026-22411	WordPress Dolcino theme <= 1.6 - Insecure Direct Object References (IDOR) vulnerability — Dolcino	5.4	Low	2026-01-22
CVE-2026-22398	WordPress Fleur theme <= 2.0 - Insecure Direct Object References (IDOR) vulnerability — Fleur	5.4	Medium	2026-01-22
CVE-2026-22400	WordPress Holmes theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability — Holmes	5.4	Medium	2026-01-22
CVE-2026-22404	WordPress Innovio theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability — Innovio	5.4	Low	2026-01-22
CVE-2026-22393	WordPress Curly theme <= 3.3 - Insecure Direct Object References (IDOR) vulnerability — Curly	5.4	Medium	2026-01-22

Vulnerabilities classified as CWE-639 (通过用户控制密钥绕过授权机制) represent 1033 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-639 (通过用户控制密钥绕过授权机制) — Vulnerability Class 1033