Common Weakness Enumeration

CWE-639

Allowed

Authorization Bypass Through User-Controlled Key

Abstraction: Base · Status: Incomplete

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

3255 vulnerabilities reference this CWE, most recent first.

GHSA-9J2M-4PQQ-WMH6

Vulnerability from github – Published: 2024-01-22 21:31 – Updated: 2025-06-11 18:35
VLAI
Details

The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6384"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-22T20:15:47Z",
    "severity": "MODERATE"
  },
  "details": "The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar",
  "id": "GHSA-9j2m-4pqq-wmh6",
  "modified": "2025-06-11T18:35:38Z",
  "published": "2024-01-22T21:31:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6384"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/fbdefab4-614b-493b-a9ae-c5aeff8323ef"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9J6F-FVM4-55CM

Vulnerability from github – Published: 2024-10-18 21:32 – Updated: 2024-10-18 21:32
VLAI
Details

A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue affects some unknown processing of the component Interface Handler. The manipulation with the input /../ leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This appears not to be a path traversal weakness. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-10121"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-18T19:15:13Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue affects some unknown processing of the component Interface Handler. The manipulation with the input /../ leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This appears not to be a path traversal weakness. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-9j6f-fvm4-55cm",
  "modified": "2024-10-18T21:32:18Z",
  "published": "2024-10-18T21:32:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10121"
    },
    {
      "type": "WEB",
      "url": "https://github.com/weliveby/ForCVE/blob/main/radar%20Authentication%20bypass%20vulnerability.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.280913"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.280913"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.420960"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-9J6P-QPXG-9H39

Vulnerability from github – Published: 2025-04-15 21:31 – Updated: 2025-04-15 21:31
VLAI
Details

An unauthenticated attacker can obtain a serial number of a smart meter(s) using its owner's username.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-30254"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-15T21:15:56Z",
    "severity": "MODERATE"
  },
  "details": "An unauthenticated attacker can obtain a serial number of a smart meter(s) using its owner\u0027s username.",
  "id": "GHSA-9j6p-qpxg-9h39",
  "modified": "2025-04-15T21:31:45Z",
  "published": "2025-04-15T21:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30254"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-9JF2-67MG-R5PH

Vulnerability from github – Published: 2026-06-06 00:31 – Updated: 2026-06-06 00:31
VLAI
Details

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct Object Reference / Authorization Bypass leading to Arbitrary Attachment Deletion in versions up to, and including, 1.8.11.1 via the profile avatar update flow. This is due to the save_avatar() function in Charitable_Profile_Form calling wp_delete_attachment() on an attachment ID read from the user's 'avatar' meta without validating that the attachment is owned by the user, combined with Charitable_Data_Processor::process_picture() returning the raw posted value when no file is uploaded, allowing the 'avatar' user meta to be poisoned with any attacker-chosen attachment ID. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary attachments from the Media Library by performing a two-request chain (first poisoning the stored avatar meta value with a target attachment ID, then triggering deletion via a normal avatar upload).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-10038"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-06T00:16:40Z",
    "severity": "MODERATE"
  },
  "details": "The Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising with Recurring Donations \u0026 More plugin for WordPress is vulnerable to Insecure Direct Object Reference / Authorization Bypass leading to Arbitrary Attachment Deletion in versions up to, and including, 1.8.11.1 via the profile avatar update flow. This is due to the save_avatar() function in Charitable_Profile_Form calling wp_delete_attachment() on an attachment ID read from the user\u0027s \u0027avatar\u0027 meta without validating that the attachment is owned by the user, combined with Charitable_Data_Processor::process_picture() returning the raw posted value when no file is uploaded, allowing the \u0027avatar\u0027 user meta to be poisoned with any attacker-chosen attachment ID. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary attachments from the Media Library by performing a two-request chain (first poisoning the stored avatar meta value with a target attachment ID, then triggering deletion via a normal avatar upload).",
  "id": "GHSA-9jf2-67mg-r5ph",
  "modified": "2026-06-06T00:31:38Z",
  "published": "2026-06-06T00:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10038"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/charitable/tags/1.8.10.5/includes/abstracts/abstract-class-charitable-form.php#L429"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/charitable/tags/1.8.10.5/includes/forms/class-charitable-profile-form.php#L724"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/charitable/tags/1.8.10.5/includes/forms/class-charitable-profile-form.php#L728"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/charitable/tags/1.8.10.5/includes/users/class-charitable-user.php#L986"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/charitable/tags/1.8.10.5/includes/utilities/class-charitable-data-processor.php#L270"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/charitable/tags/1.8.10/includes/abstracts/abstract-class-charitable-form.php#L429"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/charitable/tags/1.8.10/includes/forms/class-charitable-profile-form.php#L724"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/charitable/tags/1.8.10/includes/forms/class-charitable-profile-form.php#L728"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/charitable/tags/1.8.10/includes/users/class-charitable-user.php#L986"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/charitable/tags/1.8.10/includes/utilities/class-charitable-data-processor.php#L270"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3557047/charitable/trunk/includes/forms/class-charitable-profile-form.php?old=3435951\u0026old_path=charitable%2Ftrunk%2Fincludes%2Fforms%2Fclass-charitable-profile-form.php"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/657bea00-9709-48b8-807a-c9a18b0aee1d?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9JM5-85J2-P9F4

Vulnerability from github – Published: 2024-04-11 03:34 – Updated: 2024-08-16 18:30
VLAI
Details

An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-51141"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-11T01:22:43Z",
    "severity": "MODERATE"
  },
  "details": "An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication \u0026 Authorization component",
  "id": "GHSA-9jm5-85j2-p9f4",
  "modified": "2024-08-16T18:30:56Z",
  "published": "2024-04-11T03:34:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51141"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/ipxsec/1680d29c49fe368be81b037168175b10"
    },
    {
      "type": "WEB",
      "url": "http://biotime.com"
    },
    {
      "type": "WEB",
      "url": "http://zkteko.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9MPG-26VJ-7VX3

Vulnerability from github – Published: 2026-04-22 00:31 – Updated: 2026-04-29 15:30
VLAI
Details

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the owner_id parameter in the request body. Authorization was verified against the repository in the URL, but the action was applied to a different repository specified in the request body. The impact is limited to assigning existing trusted users as bypass reviewers; it does not allow adding arbitrary external users. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.7, 3.19.4 and 3.20.1. This vulnerability was reported via the GitHub Bug Bounty program.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3307"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-21T23:16:19Z",
    "severity": "MODERATE"
  },
  "details": "An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the owner_id parameter in the request body. Authorization was verified against the repository in the URL, but the action was applied to a different repository specified in the request body. The impact is limited to assigning existing trusted users as bypass reviewers; it does not allow adding arbitrary external users. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.7, 3.19.4 and 3.20.1. This vulnerability was reported via the GitHub Bug Bounty program.",
  "id": "GHSA-9mpg-26vj-7vx3",
  "modified": "2026-04-29T15:30:36Z",
  "published": "2026-04-22T00:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3307"
    },
    {
      "type": "WEB",
      "url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.25"
    },
    {
      "type": "WEB",
      "url": "https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.20"
    },
    {
      "type": "WEB",
      "url": "https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.16"
    },
    {
      "type": "WEB",
      "url": "https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.13"
    },
    {
      "type": "WEB",
      "url": "https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.7"
    },
    {
      "type": "WEB",
      "url": "https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.4"
    },
    {
      "type": "WEB",
      "url": "https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-9MRH-CW6F-GM2J

Vulnerability from github – Published: 2025-07-02 18:30 – Updated: 2025-07-02 21:31
VLAI
Details

The distributed engine of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-6942"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-02T16:15:29Z",
    "severity": "LOW"
  },
  "details": "The distributed engine of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine.",
  "id": "GHSA-9mrh-cw6f-gm2j",
  "modified": "2025-07-02T21:31:59Z",
  "published": "2025-07-02T18:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6942"
    },
    {
      "type": "WEB",
      "url": "https://docs.delinea.com/online-help/secret-server-changelog/secret-server-change-log.htm?cshid=secret-server-changelog#Friday,_November_22,_2024"
    },
    {
      "type": "WEB",
      "url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000060.htm"
    },
    {
      "type": "WEB",
      "url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000061.htm"
    },
    {
      "type": "WEB",
      "url": "https://trust.delinea.com"
    },
    {
      "type": "WEB",
      "url": "https://trust.delinea.com/?tcuUid=2b68edca-7930-438d-b960-2d6da07cdde9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9P28-MPWC-HJWF

Vulnerability from github – Published: 2025-12-17 21:30 – Updated: 2025-12-19 21:30
VLAI
Details

AVideo versions prior to 20.0 allow any authenticated user to upload files into directories belonging to other users due to an insecure direct object reference. The upload functionality verifies authentication but does not enforce ownership checks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-34436"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-17T20:15:54Z",
    "severity": "HIGH"
  },
  "details": "AVideo versions prior to 20.0 allow any authenticated user to upload files into directories belonging to other users due to an insecure direct object reference. The upload functionality verifies authentication but does not enforce ownership checks.",
  "id": "GHSA-9p28-mpwc-hjwf",
  "modified": "2025-12-19T21:30:17Z",
  "published": "2025-12-17T21:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34436"
    },
    {
      "type": "WEB",
      "url": "https://github.com/WWBN/AVideo/commit/4a53ab2056"
    },
    {
      "type": "WEB",
      "url": "https://github.com/WWBN/AVideo/commit/c279999cbd"
    },
    {
      "type": "WEB",
      "url": "https://chocapikk.com/posts/2025/avideo-security-vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/avideo-idor-arbitrary-file-upload"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-9P38-VH7F-VFW8

Vulnerability from github – Published: 2026-02-03 06:31 – Updated: 2026-02-03 06:31
VLAI
Details

The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the wp_ulike_delete_history_api AJAX action not verifying that the log entry being deleted belongs to the current user. This makes it possible for authenticated attackers, with Subscriber-level access and above (granted the 'stats' capability is assigned to their role), to delete arbitrary log entries belonging to other users via the 'id' parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-0909"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-03T04:15:56Z",
    "severity": "MODERATE"
  },
  "details": "The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the `wp_ulike_delete_history_api` AJAX action not verifying that the log entry being deleted belongs to the current user. This makes it possible for authenticated attackers, with Subscriber-level access and above (granted the \u0027stats\u0027 capability is assigned to their role), to delete arbitrary log entries belonging to other users via the \u0027id\u0027 parameter.",
  "id": "GHSA-9p38-vh7f-vfw8",
  "modified": "2026-02-03T06:31:04Z",
  "published": "2026-02-03T06:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0909"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/wp-ulike/tags/4.8.3.1/admin/admin-ajax.php#L94"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/wp-ulike/trunk/admin/admin-ajax.php#L94"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3451296/wp-ulike/trunk/admin/admin-ajax.php"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bee2e520-46cc-4b54-9849-fafb9b37ba19?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9P3J-8VJX-24PQ

Vulnerability from github – Published: 2026-06-26 15:32 – Updated: 2026-06-26 15:32
VLAI
Details

Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts for WooCommerce <= 3.0.0 versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-56048"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-26T15:16:44Z",
    "severity": "MODERATE"
  },
  "details": "Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts for WooCommerce \u003c= 3.0.0 versions.",
  "id": "GHSA-9p3j-8vjx-24pq",
  "modified": "2026-06-26T15:32:16Z",
  "published": "2026-06-26T15:32:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56048"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/checkout-fees-for-woocommerce/vulnerability/wordpress-payment-gateway-based-fees-and-discounts-for-woocommerce-plugin-3-0-0-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.

Mitigation
Architecture and Design Implementation

Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.

Mitigation
Architecture and Design

Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.

No CAPEC attack patterns related to this CWE.