CWE-639
AllowedAuthorization Bypass Through User-Controlled Key
Abstraction: Base · Status: Incomplete
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
3216 vulnerabilities reference this CWE, most recent first.
CVE-2024-23112 (GCVE-0-2024-23112)
Vulnerability from cvelistv5 – Published: 2024-03-12 15:09 – Updated: 2024-08-01 22:51- CWE-639 - Improper access control
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiOS |
Affected:
7.4.0 , ≤ 7.4.1
(semver)
Affected: 7.2.0 , ≤ 7.2.6 (semver) Affected: 7.0.1 , ≤ 7.0.13 (semver) Affected: 6.4.7 , ≤ 6.4.14 (semver) |
|
| Fortinet | FortiProxy |
Affected:
7.4.0 , ≤ 7.4.2
(semver)
Affected: 7.2.0 , ≤ 7.2.8 (semver) Affected: 7.0.0 , ≤ 7.0.14 (semver) |
|
| fortinet | fortios |
Affected:
7.4.0 , ≤ 7.4.1
(semver)
cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* |
|
| fortinet | fortios |
Affected:
7.2.0 , ≤ 7.2.6
(semver)
cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* |
|
| fortinet | fortios |
Affected:
7.0.1 , ≤ 7.0.13
(semver)
cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* |
|
| fortinet | fortios |
Affected:
6.4.7 , ≤ 6.4.14
(semver)
cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* |
|
| fortinet | fortiproxy |
Affected:
7.4.0 , ≤ 7.4.2
(semver)
cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:* |
|
| fortinet | fortiproxy |
Affected:
7.2.0 , ≤ 7.2.8
(semver)
cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:* |
|
| fortinet | fortiproxy |
Affected:
7.0.0 , ≤ 7.0.14
(semver)
cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "fortios",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "fortios",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.6",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "fortios",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.1",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "fortios",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "6.4.14",
"status": "affected",
"version": "6.4.7",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "fortiproxy",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "fortiproxy",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "fortiproxy",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.14",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23112",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-16T04:00:42.744773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T15:56:14.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:51:11.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-24-013",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-24-013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiOS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.6",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.14",
"status": "affected",
"version": "6.4.7",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FortiProxy",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.14",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user\u2019s bookmark via URL manipulation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T15:09:17.877Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-24-013",
"url": "https://fortiguard.com/psirt/FG-IR-24-013"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiOS version 7.4.2 or above \nPlease upgrade to FortiOS version 7.2.7 or above \nPlease upgrade to FortiOS version 7.0.14 or above \nPlease upgrade to FortiOS version 6.4.15 or above \nPlease upgrade to FortiProxy version 7.4.3 or above \nPlease upgrade to FortiProxy version 7.2.9 or above \nPlease upgrade to FortiProxy version 7.0.15 or above \n"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-23112",
"datePublished": "2024-03-12T15:09:17.877Z",
"dateReserved": "2024-01-11T16:29:07.979Z",
"dateUpdated": "2024-08-01T22:51:11.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22455 (GCVE-0-2024-22455)
Vulnerability from cvelistv5 – Published: 2024-02-14 07:01 – Updated: 2024-10-30 15:06- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022201… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | Mobility - E-Lab Navigator |
Affected:
3.1.9 , ≤ 3.2.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:35.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222015/dsa-2024-073-security-update-for-mobility-e-lab-navigator-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22455",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T20:12:06.138868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T20:12:16.325Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mobility - E-Lab Navigator",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "3.2.0",
"status": "affected",
"version": "3.1.9",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "iow1n3r"
}
],
"datePublic": "2024-02-13T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Launch of phishing attacks. \u003cbr\u003e"
}
],
"value": "Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Launch of phishing attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:06:57.786Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222015/dsa-2024-073-security-update-for-mobility-e-lab-navigator-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-22455",
"datePublished": "2024-02-14T07:01:59.081Z",
"dateReserved": "2024-01-10T15:29:59.457Z",
"dateUpdated": "2024-10-30T15:06:57.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22439 (GCVE-0-2024-22439)
Vulnerability from cvelistv5 – Published: 2024-04-15 10:08 – Updated: 2024-08-01 22:43- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| Hewlett Packard Enterprise | HPE FlexNetwork and FlexFabric products |
Affected:
See security bulletin HPESBNW04625 for details
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22439",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-17T20:21:10.000927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:52:46.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbnw04625en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Custom"
],
"product": "HPE FlexNetwork and FlexFabric products",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "See security bulletin HPESBNW04625 for details"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Zhuo Zixiao and Alwen Tiu of Australian National University (ANU)"
}
],
"datePublic": "2024-04-11T09:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential security vulnerability has been identified in HPE FlexFabric and FlexNetwork series products. This vulnerability could be exploited to gain privileged access to switches resulting in information disclosure.\u003c/span\u003e\n\n"
}
],
"value": "\nA potential security vulnerability has been identified in HPE FlexFabric and FlexNetwork series products. This vulnerability could be exploited to gain privileged access to switches resulting in information disclosure.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-15T10:08:57.234Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbnw04625en_us"
}
],
"source": {
"advisory": "HPESBNW04625",
"discovery": "UNKNOWN"
},
"title": "Certain HPE FlexNetwork and FlexFabric Switches, Remote Authentication Bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-22439",
"datePublished": "2024-04-15T10:08:57.234Z",
"dateReserved": "2024-01-10T15:24:39.967Z",
"dateUpdated": "2024-08-01T22:43:34.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22305 (GCVE-0-2024-22305)
Vulnerability from cvelistv5 – Published: 2024-01-31 11:49 – Updated: 2026-04-28 16:09- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/kal… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| ali Forms | Contact Form builder with drag & drop for WordPress – Kali Forms |
Affected:
n/a , ≤ 2.3.36
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/kali-forms/wordpress-kali-forms-plugin-2-3-38-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22305",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:42:30.725108Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T16:00:55.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "kali-forms",
"product": "Contact Form builder with drag \u0026 drop for WordPress \u2013 Kali Forms",
"vendor": "ali Forms",
"versions": [
{
"changes": [
{
"at": "2.3.37",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.3.36",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Revan Arifio (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag \u0026 drop for WordPress \u2013 Kali Forms.\u003cp\u003eThis issue affects Contact Form builder with drag \u0026 drop for WordPress \u2013 Kali Forms: from n/a through 2.3.36.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag \u0026 drop for WordPress \u2013 Kali Forms.This issue affects Contact Form builder with drag \u0026 drop for WordPress \u2013 Kali Forms: from n/a through 2.3.36."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:09.816Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/kali-forms/wordpress-kali-forms-plugin-2-3-38-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u00a02.3.37 or a higher version."
}
],
"value": "Update to\u00a02.3.37 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Contact Form builder with drag \u0026 drop - Kali Forms Plugin \u003c= 2.3.36 is vulnerable to Insecure Direct Object References (IDOR)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-22305",
"datePublished": "2024-01-31T11:49:29.473Z",
"dateReserved": "2024-01-08T20:58:59.274Z",
"dateUpdated": "2026-04-28T16:09:09.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-22206 (GCVE-0-2024-22206)
Vulnerability from cvelistv5 – Published: 2024-01-12 20:07 – Updated: 2024-11-14 15:42| URL | Tags |
|---|---|
| https://github.com/clerk/javascript/security/advi… | x_refsource_CONFIRM |
| https://clerk.com/changelog/2024-01-12 | x_refsource_MISC |
| https://github.com/clerk/javascript/releases/tag/… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| clerk | javascript |
Affected:
>= 4.7.0, < 4.29.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg"
},
{
"name": "https://clerk.com/changelog/2024-01-12",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://clerk.com/changelog/2024-01-12"
},
{
"name": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22206",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T15:42:26.578504Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T15:42:39.402Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "javascript",
"vendor": "clerk",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.7.0, \u003c 4.29.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T20:07:40.402Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg"
},
{
"name": "https://clerk.com/changelog/2024-01-12",
"tags": [
"x_refsource_MISC"
],
"url": "https://clerk.com/changelog/2024-01-12"
},
{
"name": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3"
}
],
"source": {
"advisory": "GHSA-q6w5-jg5q-47vg",
"discovery": "UNKNOWN"
},
"title": "@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-22206",
"datePublished": "2024-01-12T20:07:40.402Z",
"dateReserved": "2024-01-08T04:59:27.373Z",
"dateUpdated": "2024-11-14T15:42:39.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21759 (GCVE-0-2024-21759)
Vulnerability from cvelistv5 – Published: 2024-07-09 15:33 – Updated: 2024-08-01 22:27- CWE-639 - Improper access control
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiPortal |
Affected:
7.2.0
Affected: 7.0.0 , ≤ 7.0.6 (semver) |
|
| fortinet | fortiportal |
Affected:
7.0.0 , ≤ 7.0.6
(custom)
Affected: 7.2.0 , < 7.2.1 (custom) cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortiportal:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortiportal",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21759",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T17:03:31.763103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T17:04:39.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-011",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiPortal",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T15:33:31.028Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-011",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-011"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiPortal version 7.4.0 or above \nPlease upgrade to FortiPortal version 7.2.3 or above \nPlease upgrade to FortiPortal version 7.0.8 or above \n"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-21759",
"datePublished": "2024-07-09T15:33:31.028Z",
"dateReserved": "2024-01-02T10:15:00.527Z",
"dateUpdated": "2024-08-01T22:27:36.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20513 (GCVE-0-2024-20513)
Vulnerability from cvelistv5 – Published: 2024-10-02 18:23 – Updated: 2025-06-04 20:19- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Meraki MX Firmware |
Affected:
N/A
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T19:48:03.244649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T19:48:23.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Meraki MX Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device.\r\n\n This vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. An unauthenticated attacker could exploit this vulnerability by brute forcing valid session handlers. An authenticated attacker could exploit this vulnerability by connecting to the AnyConnect VPN service of an affected device to retrieve a valid session handler and, based on that handler, predict further valid session handlers. The attacker would then send a crafted HTTPS request using the brute-forced or predicted session handler to the AnyConnect VPN server of the device. A successful exploit could allow the attacker to terminate targeted SSL VPN sessions, forcing remote users to initiate new VPN connections and reauthenticate."
}
],
"exploits": [
{
"lang": "en",
"value": "Neither the Cisco Product Security Incident Response Team (PSIRT) nor the Cisco Meraki Incident Response Team is aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T20:19:53.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-meraki-mx-vpn-dos-QTRHzG2",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-QTRHzG2"
}
],
"source": {
"advisory": "cisco-sa-meraki-mx-vpn-dos-QTRHzG2",
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20513",
"datePublished": "2024-10-02T18:23:54.411Z",
"dateReserved": "2023-11-08T15:08:07.689Z",
"dateUpdated": "2025-06-04T20:19:53.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13887 (GCVE-0-2024-13887)
Vulnerability from cvelistv5 – Published: 2025-03-13 03:21 – Updated: 2026-04-08 16:33- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| strategy11team | Business Directory Plugin – Easy Listing Directories for WordPress |
Affected:
0 , ≤ 6.4.14
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13887",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-14T13:52:48.076105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T13:52:54.421Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Business Directory Plugin \u2013 Easy Listing Directories for WordPress",
"vendor": "strategy11team",
"versions": [
{
"lessThanOrEqual": "6.4.14",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rein Daelman"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Business Directory Plugin \u2013 Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the \u0027ajax_listing_submit_image_upload\u0027 function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to add arbitrary images to listings."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:33:49.856Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/06c3de6d-92e7-46f8-86a9-37f027767fc0?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3249927/business-directory-plugin/trunk/includes/class-wpbdp.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-18T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-03-12T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Business Directory Plugin - Easy Listing Directories for WordPress \u003c= 6.4.14 - Insecure Direct Object Reference to Listing Arbitrary Image Addition"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-13887",
"datePublished": "2025-03-13T03:21:01.466Z",
"dateReserved": "2025-02-18T20:02:23.830Z",
"dateUpdated": "2026-04-08T16:33:49.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-13873 (GCVE-0-2024-13873)
Vulnerability from cvelistv5 – Published: 2025-02-22 03:20 – Updated: 2026-06-03 14:31- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| wpjobportal | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website |
Affected:
0 , ≤ 2.2.8
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13873",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-22T15:30:31.545879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T14:31:51.748Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Job Portal \u2013 AI-Powered Recruitment System for Company or Job Board website",
"vendor": "wpjobportal",
"versions": [
{
"lessThanOrEqual": "2.2.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tran Van Nhan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8 via the deleteUserPhoto() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to remove profile photos from users accounts. Please note that this does not officially delete the file."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:56:27.214Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5fdba3c5-382e-4d2b-83d8-0e0cebf2e63c?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3242653/wp-job-portal/tags/2.2.9/includes/classes/uploads.php?old=3238353\u0026old_path=wp-job-portal%2Ftags%2F2.2.8%2Fincludes%2Fclasses%2Fuploads.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-21T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WP Job Portal \u003c= 2.2.8 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo Disconnection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-13873",
"datePublished": "2025-02-22T03:20:59.210Z",
"dateReserved": "2025-02-13T18:05:26.299Z",
"dateUpdated": "2026-06-03T14:31:51.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-13841 (GCVE-0-2024-13841)
Vulnerability from cvelistv5 – Published: 2025-02-07 06:59 – Updated: 2026-04-08 16:57- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| daveshine | Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time |
Affected:
0 , ≤ 1.0.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13841",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:57:50.846628Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T15:58:00.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Builder Shortcode Extras \u2013 WordPress Shortcodes Collection to Save You Time",
"vendor": "daveshine",
"versions": [
{
"lessThanOrEqual": "1.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Builder Shortcode Extras \u2013 WordPress Shortcodes Collection to Save You Time plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via the \u0027bse-elementor-template\u0027 shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created with Elementor that they should not have access to."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:57:29.667Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/642dc1d3-a008-4af8-ba9e-dbdd37b93126?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/builder-shortcode-extras/tags/1.0.0/includes/shortcodes/elementor.php#L116"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-06T18:17:38.000Z",
"value": "Disclosed"
}
],
"title": "Builder Shortcode Extras \u2013 WordPress Shortcodes Collection to Save You Time \u003c= 1.0.0 - Authenticated (Contributor+) Post Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-13841",
"datePublished": "2025-02-07T06:59:57.552Z",
"dateReserved": "2025-02-06T01:31:10.854Z",
"dateUpdated": "2026-04-08T16:57:29.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.