CWE-639
AllowedAuthorization Bypass Through User-Controlled Key
Abstraction: Base · Status: Incomplete
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
3255 vulnerabilities reference this CWE, most recent first.
GHSA-PF8R-282H-75WR
Vulnerability from github – Published: 2022-01-15 00:01 – Updated: 2022-01-25 00:03Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews.
{
"affected": [],
"aliases": [
"CVE-2021-3965"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-14T20:15:00Z",
"severity": "HIGH"
},
"details": "Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews.",
"id": "GHSA-pf8r-282h-75wr",
"modified": "2022-01-25T00:03:16Z",
"published": "2022-01-15T00:01:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3965"
},
{
"type": "WEB",
"url": "https://support.hp.com/us-en/document/ish_5268198-5268230-16"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PFQ9-5P8F-GP4M
Vulnerability from github – Published: 2025-08-14 12:30 – Updated: 2026-04-01 18:35Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motors: from n/a through 1.4.80.
{
"affected": [],
"aliases": [
"CVE-2025-54691"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-14T11:15:50Z",
"severity": "MODERATE"
},
"details": "Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motors: from n/a through 1.4.80.",
"id": "GHSA-pfq9-5p8f-gp4m",
"modified": "2026-04-01T18:35:50Z",
"published": "2025-08-14T12:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54691"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/motors-car-dealership-classified-listings/vulnerability/wordpress-motors-plugin-plugin-1-4-80-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PFWQ-MR9G-GQ6M
Vulnerability from github – Published: 2025-10-13 21:31 – Updated: 2025-10-13 23:12Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote authenticated users in one virtual instance to assign an organization to a user in a different virtual instance via the _com_liferay_users_admin_web_portlet_UsersAdminPortlet_addUserIds parameter.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay.portal:com.liferay.portal.impl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "99.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-62252"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-13T23:12:07Z",
"nvd_published_at": "2025-10-13T21:15:35Z",
"severity": "MODERATE"
},
"details": "Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote authenticated users in one virtual instance to assign an organization to a user in a different virtual instance via the _com_liferay_users_admin_web_portlet_UsersAdminPortlet_addUserIds parameter.",
"id": "GHSA-pfwq-mr9g-gq6m",
"modified": "2025-10-13T23:12:07Z",
"published": "2025-10-13T21:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62252"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/8c3fc088f82ffc981a21935e8b6dcf8f36e27152"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/e7b6074a320a8872ffe9423c3d1a64dada4f3238"
},
{
"type": "PACKAGE",
"url": "https://github.com/liferay/liferay-portal"
},
{
"type": "WEB",
"url": "https://liferay.atlassian.net/browse/LPE-17941"
},
{
"type": "WEB",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62252"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Liferay is Vulnerable to Authorization Bypass Through User-Controlled Key"
}
GHSA-PG6G-JF8C-49P7
Vulnerability from github – Published: 2026-07-10 15:31 – Updated: 2026-07-10 15:31Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches attachments by sequential ID without verifying ownership, allowing attackers to download and delete all file attachments across all projects instance-wide.
{
"affected": [],
"aliases": [
"CVE-2026-56765"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-10T15:16:43Z",
"severity": "CRITICAL"
},
"details": "Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches attachments by sequential ID without verifying ownership, allowing attackers to download and delete all file attachments across all projects instance-wide.",
"id": "GHSA-pg6g-jf8c-49p7",
"modified": "2026-07-10T15:31:40Z",
"published": "2026-07-10T15:31:40Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/go-vikunja/vikunja/security/advisories/GHSA-2pv8-4c52-mf8j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56765"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/vikunja-unauthenticated-instance-wide-data-breach-via-link-share-hash-disclosure-chained-with-cross-project-attachment-idor"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PGFM-8CHM-HCV4
Vulnerability from github – Published: 2025-02-04 09:31 – Updated: 2025-02-04 09:31The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level permissions and above, to export ticket data for any user.
{
"affected": [],
"aliases": [
"CVE-2024-13607"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-04T07:15:12Z",
"severity": "MODERATE"
},
"details": "The JS Help Desk \u2013 The Ultimate Help Desk \u0026 Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the \u0027exportusereraserequest\u0027 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level permissions and above, to export ticket data for any user.",
"id": "GHSA-pgfm-8chm-hcv4",
"modified": "2025-02-04T09:31:07Z",
"published": "2025-02-04T09:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13607"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.8/modules/gdpr/controller.php#L110"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3230977"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3f57fbbc-ed5a-4452-bd8a-6fc0a4536d76?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PGPF-M8M4-6CG6
Vulnerability from github – Published: 2026-03-12 14:07 – Updated: 2026-03-12 14:07Impact
Affected versions of Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their account through specially crafted requests to the backend while logged in.
To actively exploit this security issue, an attacker would need access to the Backend with a user account with any level of access.
The Winter CMS maintainers strongly recommend that all Winter CMS sites that have any reliance on the roles & permissions system to update immediately. Security fixes have been backported to all major versions of Winter (1.0, 1.1, and 1.2).
Patches
Multiple fixes and defence in depth has been applied to prevent current and future privilege escalation attacks at the lowest level possible.
This security issue has been fixed as of https://wintercms.com/releases/v1.0.477, https://wintercms.com/releases/v1.1.12, https://wintercms.com/releases/v1.2.12.
Workarounds
If you cannot upgrade, you may apply the changes from the releases to your Winter CMS installation manually to resolve this issue.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "winter/wn-backend-module"
},
"ranges": [
{
"events": [
{
"introduced": "1.2.0"
},
{
"fixed": "1.2.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "winter/wn-backend-module"
},
"ranges": [
{
"events": [
{
"introduced": "1.1.0"
},
{
"fixed": "1.1.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "winter/wn-backend-module"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.477"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-27591"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-639",
"CWE-915"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-12T14:07:39Z",
"nvd_published_at": "2026-03-11T22:16:32Z",
"severity": "CRITICAL"
},
"details": "## Impact\nAffected versions of Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their account through specially crafted requests to the backend while logged in.\n\nTo actively exploit this security issue, an attacker would need access to the Backend with a user account with any level of access.\n\nThe Winter CMS maintainers strongly recommend that all Winter CMS sites that have any reliance on the roles \u0026 permissions system to update immediately. Security fixes have been backported to all major versions of Winter (1.0, 1.1, and 1.2).\n\n## Patches\nMultiple fixes and defence in depth has been applied to prevent current and future privilege escalation attacks at the lowest level possible.\n\nThis security issue has been fixed as of https://wintercms.com/releases/v1.0.477, https://wintercms.com/releases/v1.1.12, https://wintercms.com/releases/v1.2.12.\n\n## Workarounds\nIf you cannot upgrade, you may apply the changes from the releases to your Winter CMS installation manually to resolve this issue.",
"id": "GHSA-pgpf-m8m4-6cg6",
"modified": "2026-03-12T14:07:39Z",
"published": "2026-03-12T14:07:39Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-pgpf-m8m4-6cg6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27591"
},
{
"type": "PACKAGE",
"url": "https://github.com/wintercms/winter"
},
{
"type": "WEB",
"url": "https://wintercms.com/releases/v1.0.477"
},
{
"type": "WEB",
"url": "https://wintercms.com/releases/v1.1.12"
},
{
"type": "WEB",
"url": "https://wintercms.com/releases/v1.2.12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Winter vulnerable to privilege escalation by authenticated backend users"
}
GHSA-PGXQ-P76C-X9CG
Vulnerability from github – Published: 2026-05-29 22:19 – Updated: 2026-05-29 22:19Impact
Unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission.
Patches
Workarounds
Block unauthenticated access to actions/formie/submissions/save-submission, or disable/customize front-end submission editing until patched.
Credit
formie extends many thanks to: - Florian (Cyber Security Engineer, arcade solutions ag) - Contact: security@arcade.ch
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "verbb/formie"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.26"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "verbb/formie"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.21"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-47266"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-29T22:19:19Z",
"nvd_published_at": "2026-05-29T20:16:28Z",
"severity": "HIGH"
},
"details": "### Impact\nUnauthenticated users could modify existing submissions by posting a known or guessed submission ID to `formie/submissions/save-submission`.\n\n### Patches\n[2.2.21](https://github.com/verbb/formie/releases/tag/2.2.21), [3.1.26](https://github.com/verbb/formie/releases/tag/3.1.26)\n\n### Workarounds\nBlock unauthenticated access to `actions/formie/submissions/save-submission`, or disable/customize front-end submission editing until patched.\n\n### Credit\nformie extends many thanks to:\n- Florian (Cyber Security Engineer, arcade solutions ag)\n- Contact: [security@arcade.ch](mailto:security@arcade.ch)",
"id": "GHSA-pgxq-p76c-x9cg",
"modified": "2026-05-29T22:19:19Z",
"published": "2026-05-29T22:19:19Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/verbb/formie/security/advisories/GHSA-pgxq-p76c-x9cg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47266"
},
{
"type": "PACKAGE",
"url": "https://github.com/verbb/formie"
},
{
"type": "WEB",
"url": "https://github.com/verbb/formie/releases/tag/2.2.21"
},
{
"type": "WEB",
"url": "https://github.com/verbb/formie/releases/tag/3.1.26"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "formie\u0027s unauthenticated front-end submission editing can overwrite existing submissions"
}
GHSA-PJ5G-V5V3-3C22
Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2025-01-31 12:33In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulnerability allows unprivileged users to rename projects they do not have access to. Specifically, an unprivileged user can send a PATCH request to the project's endpoint with a new name for a project, despite not having the necessary permissions or being assigned to the project. This issue allows for unauthorized modification of project names, potentially leading to confusion or unauthorized access to project resources.
{
"affected": [],
"aliases": [
"CVE-2024-4154"
],
"database_specific": {
"cwe_ids": [
"CWE-639",
"CWE-821"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T18:15:09Z",
"severity": "HIGH"
},
"details": "In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulnerability allows unprivileged users to rename projects they do not have access to. Specifically, an unprivileged user can send a PATCH request to the project\u0027s endpoint with a new name for a project, despite not having the necessary permissions or being assigned to the project. This issue allows for unauthorized modification of project names, potentially leading to confusion or unauthorized access to project resources.",
"id": "GHSA-pj5g-v5v3-3c22",
"modified": "2025-01-31T12:33:01Z",
"published": "2024-05-21T18:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4154"
},
{
"type": "WEB",
"url": "https://github.com/lunary-ai/lunary/commit/c43b6c62035f32ca455f66d5fd22ba661648cde7"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/e56509af-f7af-4e1e-a04b-9cb53545f30f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PJ87-HX3M-256X
Vulnerability from github – Published: 2025-01-11 09:30 – Updated: 2025-01-11 09:30The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to.
{
"affected": [],
"aliases": [
"CVE-2024-11915"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-11T08:15:24Z",
"severity": "MODERATE"
},
"details": "The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to.",
"id": "GHSA-pj87-hx3m-256x",
"modified": "2025-01-11T09:30:30Z",
"published": "2025-01-11T09:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11915"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/rrdevs-for-elementor"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3f7e300f-06b5-4f59-9deb-9771bf86a204?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PJFR-44XR-RRW5
Vulnerability from github – Published: 2026-07-01 06:31 – Updated: 2026-07-01 06:31The Kadence Blocks – Gutenberg Blocks for Page Builder Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.7.7. This is due to a mismatch between the object used for authorization and the object actually accessed in the Optimize_Rest_Controller's create_item(), get_item(), delete_item(), and bulk_delete_items() endpoints — authorization is checked via current_user_can('edit_post'/'delete_post', $post_id) against the user-supplied post_id, while the storage layer keys analysis records on sha256($post_path) from a separately supplied, attacker-controlled post_path parameter, with no enforcement that post_path corresponds to post_id. This makes it possible for authenticated attackers, with Contributor-level access and above, to read or delete optimizer analysis records belonging to posts owned by other users by submitting their own post_id (which passes the capability check) together with the victim post's path.
{
"affected": [],
"aliases": [
"CVE-2026-12904"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-01T05:16:17Z",
"severity": "MODERATE"
},
"details": "The Kadence Blocks \u2013 Gutenberg Blocks for Page Builder Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.7.7. This is due to a mismatch between the object used for authorization and the object actually accessed in the Optimize_Rest_Controller\u0027s create_item(), get_item(), delete_item(), and bulk_delete_items() endpoints \u2014 authorization is checked via current_user_can(\u0027edit_post\u0027/\u0027delete_post\u0027, $post_id) against the user-supplied post_id, while the storage layer keys analysis records on sha256($post_path) from a separately supplied, attacker-controlled post_path parameter, with no enforcement that post_path corresponds to post_id. This makes it possible for authenticated attackers, with Contributor-level access and above, to read or delete optimizer analysis records belonging to posts owned by other users by submitting their own post_id (which passes the capability check) together with the victim post\u0027s path.",
"id": "GHSA-pjfr-44xr-rrw5",
"modified": "2026-07-01T06:31:34Z",
"published": "2026-07-01T06:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12904"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.6.7/includes/resources/Optimizer/Path/Path.php#L60"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.6.7/includes/resources/Optimizer/Rest/Optimize_Rest_Controller.php#L153"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.6.7/includes/resources/Optimizer/Rest/Optimize_Rest_Controller.php#L197"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.6.7/includes/resources/Optimizer/Rest/Optimize_Rest_Controller.php#L232"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.6.7/includes/resources/Optimizer/Rest/Optimize_Rest_Controller.php#L339"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.6.7/includes/resources/Optimizer/Rest/Optimize_Rest_Controller.php#L383"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.6.7/includes/resources/Optimizer/Rest/Optimize_Rest_Controller.php#L420"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.6.7/includes/resources/Optimizer/Rest/Optimize_Rest_Controller.php#L458"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.6.7/includes/resources/Optimizer/Store/Table_Store.php#L96"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.7.6/includes/resources/Optimizer/Path/Path.php#L60"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.7.6/includes/resources/Optimizer/Rest/Optimize_Rest_Controller.php#L153"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.7.6/includes/resources/Optimizer/Rest/Optimize_Rest_Controller.php#L197"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.7.6/includes/resources/Optimizer/Rest/Optimize_Rest_Controller.php#L232"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.7.6/includes/resources/Optimizer/Rest/Optimize_Rest_Controller.php#L339"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.7.6/includes/resources/Optimizer/Rest/Optimize_Rest_Controller.php#L383"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.7.6/includes/resources/Optimizer/Rest/Optimize_Rest_Controller.php#L420"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.7.6/includes/resources/Optimizer/Rest/Optimize_Rest_Controller.php#L458"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.7.6/includes/resources/Optimizer/Store/Table_Store.php#L96"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3590217%40kadence-blocks\u0026new=3590217%40kadence-blocks\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/24cdd50f-742c-457c-85f7-9cccaf366e87?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.