Common Weakness Enumeration

CWE-639

Allowed

Authorization Bypass Through User-Controlled Key

Abstraction: Base · Status: Incomplete

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

3254 vulnerabilities reference this CWE, most recent first.

GHSA-8V57-2X2Q-JR9M

Vulnerability from github – Published: 2024-12-24 12:30 – Updated: 2024-12-24 12:30
VLAI
Details

The Content No Cache: prevent specific content from being cached plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.1.2 via the eos_dyn_get_content action due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-12103"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-24T10:15:05Z",
    "severity": "MODERATE"
  },
  "details": "The Content No Cache: prevent specific content from being cached plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.1.2 via the eos_dyn_get_content action due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.",
  "id": "GHSA-8v57-2x2q-jr9m",
  "modified": "2024-12-24T12:30:42Z",
  "published": "2024-12-24T12:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12103"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3211815/content-no-cache/trunk/inc/eos-dyn-ajax.php"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/90c6fd67-2140-4835-98d0-cfd1af95ac4c?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8V77-F7VF-CXMH

Vulnerability from github – Published: 2025-06-27 12:31 – Updated: 2025-06-27 12:31
VLAI
Details

A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing of the file /v1/operador/ of the component HTTP PUT Request Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-6765"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-27T12:15:45Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing of the file /v1/operador/ of the component HTTP PUT Request Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-8v77-f7vf-cxmh",
  "modified": "2025-06-27T12:31:18Z",
  "published": "2025-06-27T12:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6765"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.314075"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.314075"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.599873"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.599880"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-8VFW-8F88-JQ83

Vulnerability from github – Published: 2026-01-10 06:30 – Updated: 2026-01-10 06:30
VLAI
Details

The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the get_token_by_id function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Square "ccof" (credit card on file) values and leverage this value to potentially make fraudulent charges on the target site.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13457"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-10T04:15:59Z",
    "severity": "HIGH"
  },
  "details": "The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the get_token_by_id  function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Square \"ccof\" (credit card on file) values and leverage this value to potentially make fraudulent charges on the target site.",
  "id": "GHSA-8vfw-8f88-jq83",
  "modified": "2026-01-10T06:30:12Z",
  "published": "2026-01-10T06:30:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13457"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3415850/woocommerce-square"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c7f4f726-7e53-4397-8d8b-7a574326adc6?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8VQX-G979-Q6FH

Vulnerability from github – Published: 2025-12-18 18:30 – Updated: 2026-04-01 18:36
VLAI
Details

Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.3.19.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-63043"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-18T17:15:55Z",
    "severity": "MODERATE"
  },
  "details": "Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.3.19.",
  "id": "GHSA-8vqx-g979-q6fh",
  "modified": "2026-04-01T18:36:23Z",
  "published": "2025-12-18T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63043"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/post-grid/vulnerability/wordpress-post-grid-and-gutenberg-blocks-plugin-2-3-19-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://vdp.patchstack.com/database/wordpress/plugin/post-grid/vulnerability/wordpress-post-grid-and-gutenberg-blocks-plugin-2-3-19-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8WMM-344F-MPJG

Vulnerability from github – Published: 2026-06-16 21:32 – Updated: 2026-06-18 13:04
VLAI
Summary
Duplicate Advisory: Tool group policy callers could accept unvalidated group IDs
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-985f-72mj-8gf7. This link is maintained to preserve external references.

Original Description

OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. Attackers who can supply a group ID to the policy resolver could trigger incorrect group-policy decisions for tool invocations, potentially bypassing intended access controls.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2026.4.24"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-18T13:04:21Z",
    "nvd_published_at": "2026-06-16T19:17:04Z",
    "severity": "MODERATE"
  },
  "details": "## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of\u00a0GHSA-985f-72mj-8gf7. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. Attackers who can supply a group ID to the policy resolver could trigger incorrect group-policy decisions for tool invocations, potentially bypassing intended access controls.",
  "id": "GHSA-8wmm-344f-mpjg",
  "modified": "2026-06-18T13:04:21Z",
  "published": "2026-06-16T21:32:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-985f-72mj-8gf7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53863"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-unvalidated-group-id-acceptance-in-tool-group-policy"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Duplicate Advisory: Tool group policy callers could accept unvalidated group IDs",
  "withdrawn": "2026-06-18T13:04:21Z"
}

GHSA-8WV9-5592-C67M

Vulnerability from github – Published: 2025-10-21 18:30 – Updated: 2025-10-21 21:33
VLAI
Details

Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference (IDOR) vulnerability due to insufficient validation of the blockId parameter in /blocks/openai_chat/api/completion.php. An authenticated student can impersonate another user's block (e.g., administrator) and send queries that are executed with that block's configuration. This can expose administrator-only Source of Truth entries, alter model behavior, and potentially misuse API resources.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-60511"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-21T17:15:40Z",
    "severity": "MODERATE"
  },
  "details": "Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference (IDOR) vulnerability due to insufficient validation of the blockId parameter in /blocks/openai_chat/api/completion.php. An authenticated student can impersonate another user\u0027s block (e.g., administrator) and send queries that are executed with that block\u0027s configuration. This can expose administrator-only Source of Truth entries, alter model behavior, and potentially misuse API resources.",
  "id": "GHSA-8wv9-5592-c67m",
  "modified": "2025-10-21T21:33:39Z",
  "published": "2025-10-21T18:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60511"
    },
    {
      "type": "WEB",
      "url": "https://github.com/onurcangnc/moodle_block_openai_chat"
    },
    {
      "type": "WEB",
      "url": "https://onurcangenc.com.tr/posts/idor-in-moodle-openai-chat-block-block_openai_chat-proof-of-concept-poc--cve-2025-60511"
    },
    {
      "type": "WEB",
      "url": "http://moodle.com"
    },
    {
      "type": "WEB",
      "url": "http://openai.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8WXX-35QC-VP6R

Vulnerability from github – Published: 2024-07-03 18:48 – Updated: 2024-10-25 22:07
VLAI
Summary
Missing key verification in gost
Details

An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/ginuerzh/gost"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.11.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-39223"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-289",
      "CWE-639"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-25T22:07:23Z",
    "nvd_published_at": "2024-07-03T15:15:06Z",
    "severity": "CRITICAL"
  },
  "details": "An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey",
  "id": "GHSA-8wxx-35qc-vp6r",
  "modified": "2024-10-25T22:07:23Z",
  "published": "2024-07-03T18:48:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39223"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ginuerzh/gost/issues/1034"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/nyxfqq/a7242170b1118e78436a62dee4e09e8a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ginuerzh/gost"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ginuerzh/gost/blob/729d0e70005607dc7c69fc1de62fd8fe21f85355/ssh.go#L229"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Missing key verification in gost"
}

GHSA-8X5Q-GQ29-2H75

Vulnerability from github – Published: 2024-08-13 18:31 – Updated: 2024-08-15 21:31
VLAI
Details

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21981"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-13T17:15:22Z",
    "severity": "MODERATE"
  },
  "details": "Improper key usage control in AMD Secure Processor\n(ASP) may allow an attacker with local access who has gained arbitrary code\nexecution privilege in ASP\u00a0to\nextract ASP cryptographic keys, potentially resulting in loss of\nconfidentiality and integrity.",
  "id": "GHSA-8x5q-gq29-2h75",
  "modified": "2024-08-15T21:31:19Z",
  "published": "2024-08-13T18:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21981"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8XFC-9Q6X-H2XP

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-07-13 00:00
VLAI
Details

vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other users profile information or profile picture. After receiving any user's unique identification number and their own, an HTTP POST request can be made update their profile description or supply a new profile image. This can lead to potential cross-site scripting attacks on any user, or upload malicious PHP webshells as "profile pictures." The user IDs can be easily determined by other responses from the API for an event or chat room.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-26679"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276",
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-26T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other users profile information or profile picture. After receiving any user\u0027s unique identification number and their own, an HTTP POST request can be made update their profile description or supply a new profile image. This can lead to potential cross-site scripting attacks on any user, or upload malicious PHP webshells as \"profile pictures.\" The user IDs can be easily determined by other responses from the API for an event or chat room.",
  "id": "GHSA-8xfc-9q6x-h2xp",
  "modified": "2022-07-13T00:00:50Z",
  "published": "2022-05-24T19:03:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26679"
    },
    {
      "type": "WEB",
      "url": "https://api.vfairs.com/v1/profiles"
    },
    {
      "type": "WEB",
      "url": "https://api.vfairs.com/v1/profiles?access_key="
    },
    {
      "type": "WEB",
      "url": "https://www.huntress.com/blog/zero-day-vulnerabilities-in-popular-event-management-platforms-could-leave-msps-open-to-attack"
    },
    {
      "type": "WEB",
      "url": "http://vfairs.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8XJV-X6F3-C657

Vulnerability from github – Published: 2025-03-03 15:31 – Updated: 2026-06-02 09:36
VLAI
Details

Authorization Bypass Through User-Controlled Key vulnerability in Proliz Software OBS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OBS: before 24.0927.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8261"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-03T15:15:15Z",
    "severity": "MODERATE"
  },
  "details": "Authorization Bypass Through User-Controlled Key vulnerability in Proliz Software OBS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OBS: before 24.0927.",
  "id": "GHSA-8xjv-x6f3-c657",
  "modified": "2026-06-02T09:36:14Z",
  "published": "2025-03-03T15:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8261"
    },
    {
      "type": "WEB",
      "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0049"
    },
    {
      "type": "WEB",
      "url": "https://www.usom.gov.tr/bildirim/tr-25-0049"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.

Mitigation
Architecture and Design Implementation

Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.

Mitigation
Architecture and Design

Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.

No CAPEC attack patterns related to this CWE.