CWE-639
AllowedAuthorization Bypass Through User-Controlled Key
Abstraction: Base · Status: Incomplete
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
3235 vulnerabilities reference this CWE, most recent first.
CVE-2023-2065 (GCVE-0-2023-2065)
Vulnerability from cvelistv5 – Published: 2023-05-24 12:04 – Updated: 2026-05-22 11:27- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-23-0287 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
| https://https://www.usom.gov.tr/bildirim/tr-23-0287 | government-resourcex_transferred |
| Vendor | Product | Version | |
|---|---|---|---|
| Armoli Technology | Cargo Tracking System |
Affected:
0 , < 3558f28
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:19.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://https://www.usom.gov.tr/bildirim/tr-23-0287"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2065",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T15:37:09.932196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T15:37:12.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cargo Tracking System",
"vendor": "Armoli Technology",
"versions": [
{
"lessThan": "3558f28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Resul Melih MACIT"
}
],
"datePublic": "2023-05-24T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo Tracking System allows Authentication Abuse, Authentication Bypass.\u003cp\u003eThis issue affects Cargo Tracking System: before 3558f28 .\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo Tracking System allows Authentication Abuse, Authentication Bypass.\n\nThis issue affects Cargo Tracking System: before 3558f28 ."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
},
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T11:27:40.086Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0287"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0287"
}
],
"source": {
"advisory": "TR-23-0287",
"defect": [
"TR-23-0287"
],
"discovery": "UNKNOWN"
},
"title": "IDOR in Armoli Technology\u0027s Cargo Tracking System",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2023-2065",
"datePublished": "2023-05-24T12:04:41.020Z",
"dateReserved": "2023-04-14T10:27:06.992Z",
"dateUpdated": "2026-05-22T11:27:40.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-1889 (GCVE-0-2023-1889)
Vulnerability from cvelistv5 – Published: 2023-06-09 05:33 – Updated: 2026-04-08 17:16- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| wpwax | Directorist: AI-Powered Business Directory, Listings & Classified Ads |
Affected:
0 , ≤ 7.5.4
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:26.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b47edd57-cac7-463f-88cc-8922f1b34612?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2920100/directorist"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T23:23:52.547328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T23:36:37.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Directorist: AI-Powered Business Directory, Listings \u0026 Classified Ads",
"vendor": "wpwax",
"versions": [
{
"lessThanOrEqual": "7.5.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Thomas"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts. Please note CVE-2023-35052 appears to be a duplicate of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:16:57.999Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b47edd57-cac7-463f-88cc-8922f1b34612?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2920100/directorist"
},
{
"url": "https://www.wordfence.com/blog/2023/06/critical-security-update-directorist-wordpress-plugin-patches-two-high-risk-vulnerabilities/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-04T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-04-05T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-06-01T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Directorist \u003c= 7.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion in listing_task"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1889",
"datePublished": "2023-06-09T05:33:29.454Z",
"dateReserved": "2023-04-05T15:54:12.176Z",
"dateUpdated": "2026-04-08T17:16:57.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-1463 (GCVE-0-2023-1463)
Vulnerability from cvelistv5 – Published: 2023-03-17 00:00 – Updated: 2025-02-26 15:00- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| nilsteampassnet | nilsteampassnet/teampass |
Affected:
unspecified , < 3.0.0.23
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/f6683c3b-a0f2-4615-b639-1920c8ae12e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/4e06fbaf2b78c3615d0599855a72ba7e31157516"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1463",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T14:59:42.911469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T15:00:21.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nilsteampassnet/teampass",
"vendor": "nilsteampassnet",
"versions": [
{
"lessThan": "3.0.0.23",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-26T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/f6683c3b-a0f2-4615-b639-1920c8ae12e6"
},
{
"url": "https://github.com/nilsteampassnet/teampass/commit/4e06fbaf2b78c3615d0599855a72ba7e31157516"
}
],
"source": {
"advisory": "f6683c3b-a0f2-4615-b639-1920c8ae12e6",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in nilsteampassnet/teampass"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1463",
"datePublished": "2023-03-17T00:00:00.000Z",
"dateReserved": "2023-03-17T00:00:00.000Z",
"dateUpdated": "2025-02-26T15:00:21.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1462 (GCVE-0-2023-1462)
Vulnerability from cvelistv5 – Published: 2023-03-21 08:16 – Updated: 2026-06-01 11:11- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-23-0161 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Vadi Corporate Information Systems | DigiKent |
Affected:
0 , < 23.03.20
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0161"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T16:53:51.324760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T16:54:01.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DigiKent",
"vendor": "Vadi Corporate Information Systems",
"versions": [
{
"lessThan": "23.03.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mustafa Anil YILDIRIM"
}
],
"datePublic": "2023-03-21T08:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Vadi Corporate Information Systems DigiKent allows Authentication Bypass, Authentication Abuse.\u0026nbsp;\u003cspan\u003eThis issue affects DigiKent: before 23.03.20.\u003c/span\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Vadi Corporate Information Systems DigiKent allows Authentication Bypass, Authentication Abuse.\u00a0This issue affects DigiKent: before 23.03.20."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
},
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T11:11:45.384Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0161"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0161"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the version to \u0026gt;=23.03.20"
}
],
"value": "Update the version to \u003e=23.03.20"
}
],
"source": {
"advisory": "TR-23-0161",
"defect": [
"TR-23-0161"
],
"discovery": "EXTERNAL"
},
"title": "IDOR in Digikent",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2023-1462",
"datePublished": "2023-03-21T08:16:26.952Z",
"dateReserved": "2023-03-17T07:54:13.559Z",
"dateUpdated": "2026-06-01T11:11:45.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-0985 (GCVE-0-2023-0985)
Vulnerability from cvelistv5 – Published: 2023-06-06 10:06 – Updated: 2025-01-07 19:20- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| MB Connect Line | mbCONNECT24 |
Affected:
1.0.0 , ≤ 2.13.3
(semver)
|
|
| MB Connect Line | mymbCONNECT24 |
Affected:
1.0.0 , ≤ 2.13.3
(semver)
|
|
| Helmholz | myREX24 |
Affected:
0 , ≤ 2.13.3
(semver)
|
|
| Helmholz | myREX24.virtual |
Affected:
0 , ≤ 2.13.3
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:45.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0985",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-07T19:19:39.189272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T19:20:21.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbCONNECT24",
"vendor": "MB Connect Line",
"versions": [
{
"lessThanOrEqual": "2.13.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mymbCONNECT24",
"vendor": "MB Connect Line",
"versions": [
{
"lessThanOrEqual": "2.13.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.13.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24.virtual",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.13.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Hussein Alsharafi"
}
],
"datePublic": "2023-05-15T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Authorization Bypass vulnerability was found in MB Connect Lines\u0026nbsp;mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual version \u0026lt;= 2.13.3.\u0026nbsp;An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account."
}
],
"value": "An Authorization Bypass vulnerability was found in MB Connect Lines\u00a0mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual version \u003c= 2.13.3.\u00a0An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-06T10:06:48.102Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-002/"
}
],
"source": {
"advisory": "VDE-2023-002",
"defect": [
"CERT@VDE#64404"
],
"discovery": "UNKNOWN"
},
"title": "Helmholz and MB Connect Line: Account takeover via password reset in multiple products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-0985",
"datePublished": "2023-06-06T10:06:48.102Z",
"dateReserved": "2023-02-23T14:11:49.473Z",
"dateUpdated": "2025-01-07T19:20:21.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0882 (GCVE-0-2023-0882)
Vulnerability from cvelistv5 – Published: 2023-02-17 06:44 – Updated: 2026-06-01 11:58- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://docs.krontech.com/singleconnect-2-16/upda… | |
| https://www.usom.gov.tr/bildirim/tr-23-0092 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Kron Tech | Single Connect |
Affected:
2.16
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.krontech.com/singleconnect-2-16/update-patch-rdp-proxy-idor-vulnerability"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0092"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0882",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T20:11:12.216821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T20:11:39.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Single Connect",
"vendor": "Kron Tech",
"versions": [
{
"status": "affected",
"version": "2.16"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Furkan KAYAPINAR"
}
],
"datePublic": "2023-02-17T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse.\u0026nbsp;\u003cspan\u003eThis issue affects Single Connect: 2.16.\u003c/span\u003e"
}
],
"value": "Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse.\u00a0This issue affects Single Connect: 2.16."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T11:58:31.136Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://docs.krontech.com/singleconnect-2-16/update-patch-rdp-proxy-idor-vulnerability"
},
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0092"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0092"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply the patch on\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://filerepo.krontech.com/index.php/s/VQRlYxpzsECp3UU\"\u003ehttps://filerepo.krontech.com/index.php/s/VQRlYxpzsECp3UU\u003c/a\u003e\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e(md5sum: 6fea2b58915854b663f43fdf4516522a, instructions on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.krontech.com/singleconnect-2-16/update-patch-rdp-proxy-idor-vulnerability\"\u003ehttps://docs.krontech.com/singleconnect-2-16/update-patch-rdp-proxy-idor-vulnerability\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.krontech.com/singleconnect-2-16/update-patch-rdp-proxy-idor-vulnerability\"\u003e)\u003c/a\u003e\n\n)\u003c/span\u003e\u0026nbsp; and update the Single Connect (PAM) to version 2.16.1."
}
],
"value": "Apply the patch on\u00a0 https://filerepo.krontech.com/index.php/s/VQRlYxpzsECp3UU https://filerepo.krontech.com/index.php/s/VQRlYxpzsECp3UU \u00a0\n\n(md5sum: 6fea2b58915854b663f43fdf4516522a, instructions on https://docs.krontech.com/singleconnect-2-16/update-patch-rdp-proxy-idor-vulnerability https://docs.krontech.com/singleconnect-2-16/update-patch-rdp-proxy-idor-vulnerability ) https://docs.krontech.com/singleconnect-2-16/update-patch-rdp-proxy-idor-vulnerability \n\n)\u00a0 and update the Single Connect (PAM) to version 2.16.1."
}
],
"source": {
"advisory": "TR-23-0092",
"defect": [
"TR-23-0092"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-02-14T12:00:00.000Z",
"value": "Vendor informed about the vulnerability."
},
{
"lang": "en",
"time": "2023-02-16T18:00:00.000Z",
"value": "Patch published by the vendor"
}
],
"title": "Authorization Bypass Through User-Controlled Key on Single Connect",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2023-0882",
"datePublished": "2023-02-17T06:44:51.711Z",
"dateReserved": "2023-02-17T05:16:54.142Z",
"dateUpdated": "2026-06-01T11:58:31.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-0694 (GCVE-0-2023-0694)
Vulnerability from cvelistv5 – Published: 2023-06-09 05:33 – Updated: 2026-04-08 16:38- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor |
Affected:
0 , ≤ 3.3.1
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:50.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1a8b194c-371f-4adc-98fa-8f4e47a38ee7?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2910040/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0694",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T23:26:12.842963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T23:47:22.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MetForm \u2013 Contact Form, Survey, Quiz, \u0026 Custom Form Builder for Elementor",
"vendor": "roxnor",
"versions": [
{
"lessThanOrEqual": "3.3.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ramuel Gall"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the \u0027mf\u0027 shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about any standard form field of any form submission."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:38:06.694Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1a8b194c-371f-4adc-98fa-8f4e47a38ee7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2910040/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-03T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-06-08T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Metform Elementor Contact Form Builder \u003c= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-0694",
"datePublished": "2023-06-09T05:33:12.037Z",
"dateReserved": "2023-02-06T21:15:05.129Z",
"dateUpdated": "2026-04-08T16:38:06.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-0693 (GCVE-0-2023-0693)
Vulnerability from cvelistv5 – Published: 2023-06-09 05:33 – Updated: 2026-04-08 16:40- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor |
Affected:
0 , ≤ 3.3.1
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:50.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f33a8db-7cd0-4a53-b2c1-cd5b7cd16214?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2910040/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0693",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:29:45.578857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T19:43:36.879Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MetForm \u2013 Contact Form, Survey, Quiz, \u0026 Custom Form Builder for Elementor",
"vendor": "roxnor",
"versions": [
{
"lessThanOrEqual": "3.3.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ramuel Gall"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the \u0027mf_transaction_id\u0027 shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the transaction ids of arbitrary form submissions that included payment."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:40:56.702Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f33a8db-7cd0-4a53-b2c1-cd5b7cd16214?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2910040/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-03T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-06-08T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Metform Elementor Contact Form Builder \u003c= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via \u0027mf_transaction_id\u0027 shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-0693",
"datePublished": "2023-06-09T05:33:12.877Z",
"dateReserved": "2023-02-06T21:03:31.719Z",
"dateUpdated": "2026-04-08T16:40:56.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-0692 (GCVE-0-2023-0692)
Vulnerability from cvelistv5 – Published: 2023-06-09 05:33 – Updated: 2026-04-08 17:28- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor |
Affected:
0 , ≤ 3.3.1
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:50.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ddd85ff2-6607-4ac8-b91c-88f6f2fa6c56?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2910040/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0692",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T23:22:55.981820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T23:34:14.193Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MetForm \u2013 Contact Form, Survey, Quiz, \u0026 Custom Form Builder for Elementor",
"vendor": "roxnor",
"versions": [
{
"lessThanOrEqual": "3.3.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ramuel Gall"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the \u0027mf_payment_status\u0027 shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the payment status of arbitrary form submissions."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:28:11.026Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ddd85ff2-6607-4ac8-b91c-88f6f2fa6c56?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2910040/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-03T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-06-08T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Metform Elementor Contact Form Builder \u003c= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via \u0027mf_payment_status\u0027 shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-0692",
"datePublished": "2023-06-09T05:33:36.880Z",
"dateReserved": "2023-02-06T21:01:15.623Z",
"dateUpdated": "2026-04-08T17:28:11.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-0691 (GCVE-0-2023-0691)
Vulnerability from cvelistv5 – Published: 2023-06-09 05:33 – Updated: 2026-04-08 17:06- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| roxnor | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor |
Affected:
0 , ≤ 3.3.1
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:50.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8fc4b815-dc05-4270-bf7a-3b01622739d7?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2910040/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T23:25:07.749001Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T23:40:33.201Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MetForm \u2013 Contact Form, Survey, Quiz, \u0026 Custom Form Builder for Elementor",
"vendor": "roxnor",
"versions": [
{
"lessThanOrEqual": "3.3.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ramuel Gall"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the \u0027mf_last_name\u0027 shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrary form submissions, specifically the submitter\u0027s last name."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:06:38.253Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8fc4b815-dc05-4270-bf7a-3b01622739d7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/metform/trunk/base/shortcode.php?rev=2845078"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2910040/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-03T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-06-08T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Metform Elementor Contact Form Builder \u003c= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_last_name shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-0691",
"datePublished": "2023-06-09T05:33:23.964Z",
"dateReserved": "2023-02-06T20:57:53.924Z",
"dateUpdated": "2026-04-08T17:06:38.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.