CWE-639
AllowedAuthorization Bypass Through User-Controlled Key
Abstraction: Base · Status: Incomplete
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
3235 vulnerabilities reference this CWE, most recent first.
CVE-2025-15370 (GCVE-0-2025-15370)
Vulnerability from cvelistv5 – Published: 2026-01-16 04:44 – Updated: 2026-04-08 17:26- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| paultgoodchild | Shield: Blocks Bots, Protects Users, and Prevents Security Breaches |
Affected:
0 , ≤ 21.0.9
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15370",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T14:43:58.729359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T14:44:37.016Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Shield: Blocks Bots, Protects Users, and Prevents Security Breaches",
"vendor": "paultgoodchild",
"versions": [
{
"lessThanOrEqual": "21.0.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disable Google Authenticator for any user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:26:36.042Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d777014a-5397-4062-af39-7ea86589a0d0?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-simple-firewall/tags/21.0.8/src/lib/src/ActionRouter/Actions/MfaGoogleAuthToggle.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3438647/wp-simple-firewall"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-15T15:58:56.000Z",
"value": "Disclosed"
}
],
"title": "Shield Security \u003c= 21.0.9 - Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-15370",
"datePublished": "2026-01-16T04:44:35.383Z",
"dateReserved": "2025-12-30T17:25:48.869Z",
"dateUpdated": "2026-04-08T17:26:36.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15147 (GCVE-0-2025-15147)
Vulnerability from cvelistv5 – Published: 2026-02-09 23:23 – Updated: 2026-04-08 17:21- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| wclovers | WCFM Membership – WooCommerce Memberships for Multivendor Marketplace |
Affected:
0 , ≤ 2.11.8
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15147",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T16:47:21.782233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:47:58.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WCFM Membership \u2013 WooCommerce Memberships for Multivendor Marketplace",
"vendor": "wclovers",
"versions": [
{
"lessThanOrEqual": "2.11.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jing Xuan Sun"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WCFM Membership \u2013 WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the \u0027WCFMvm_Memberships_Payment_Controller::processing\u0027 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify other users\u0027 membership payments."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:21:40.486Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c8d286db-b2a7-46c4-825f-dc67dda8a63d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3455830/wc-multivendor-membership#file436"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wc-multivendor-membership/tags/2.11.8/controllers/wcfmvm-controller-memberships-payment.php#L32"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-03T12:31:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-02-09T11:17:32.000Z",
"value": "Disclosed"
}
],
"title": "WCFM Membership \u2013 WooCommerce Memberships for Multivendor Marketplace \u003c= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-15147",
"datePublished": "2026-02-09T23:23:28.319Z",
"dateReserved": "2025-12-27T13:25:09.137Z",
"dateUpdated": "2026-04-08T17:21:40.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15096 (GCVE-0-2025-15096)
Vulnerability from cvelistv5 – Published: 2026-02-11 09:49 – Updated: 2026-04-08 17:19- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| kamleshyadav | Videospirecore Theme Plugin |
Affected:
0 , ≤ 1.0.6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15096",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T15:19:53.235453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T15:20:08.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Videospirecore Theme Plugin",
"vendor": "kamleshyadav",
"versions": [
{
"lessThanOrEqual": "1.0.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nguyen Tan Phat"
}
],
"descriptions": [
{
"lang": "en",
"value": "The \u0027Videospirecore Theme Plugin\u0027 plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user\u0027s identity prior to updating their details like email. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user\u0027s email addresses, including administrators, and leverage that to reset the user\u0027s password and gain access to their account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:19:22.736Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf152269-73e1-473f-8d97-ce94e9b885d0?source=cve"
},
{
"url": "https://themeforest.net/item/videospire-video-streaming-ott-platform-wordpress-theme/39243225?s_rank=1"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-10T21:29:59.000Z",
"value": "Disclosed"
}
],
"title": "Videospirecore Theme Plugin \u003c= 1.0.6 - Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-15096",
"datePublished": "2026-02-11T09:49:23.282Z",
"dateReserved": "2025-12-25T15:05:00.627Z",
"dateUpdated": "2026-04-08T17:19:22.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15025 (GCVE-0-2025-15025)
Vulnerability from cvelistv5 – Published: 2026-05-14 12:59 – Updated: 2026-05-14 13:44- CWE-639 - Authorization bypass through User-Controlled key
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. | Library Automation System |
Affected:
v.21.6 , < v.22.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T13:44:10.967787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T13:44:16.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Library Automation System",
"vendor": "Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.",
"versions": [
{
"lessThan": "v.22.1",
"status": "affected",
"version": "v.21.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Serdar \u00c7ATAL"
}
],
"datePublic": "2026-05-14T12:49:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers.\u003cp\u003eThis issue affects Library Automation System: from v.21.6 before v.22.1.\u003c/p\u003e"
}
],
"value": "Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers.\n\nThis issue affects Library Automation System: from v.21.6 before v.22.1."
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21 Exploitation of Trusted Identifiers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization bypass through User-Controlled key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T12:59:51.988Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0240"
}
],
"source": {
"advisory": "TR-26-0240",
"defect": [
"TR-26-0240"
],
"discovery": "UNKNOWN"
},
"title": "IDOR in Yordam Informatics\u0027 Library Automation System",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-15025",
"datePublished": "2026-05-14T12:59:51.988Z",
"dateReserved": "2025-12-22T08:06:59.161Z",
"dateUpdated": "2026-05-14T13:44:16.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15018 (GCVE-0-2025-15018)
Vulnerability from cvelistv5 – Published: 2026-01-07 08:21 – Updated: 2026-04-08 17:35- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| djanym | Optional Email |
Affected:
0 , ≤ 1.3.11
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T16:17:34.204773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T16:17:43.019Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Optional Email",
"vendor": "djanym",
"versions": [
{
"lessThanOrEqual": "1.3.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Drew Webber"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in all versions up to, and including, 1.3.11. This is due to the plugin not restricting its \u0027random_password\u0027 filter to registration contexts, allowing the filter to affect password reset key generation. This makes it possible for unauthenticated attackers to set a known password reset key when initiating a password reset, reset the password of any user including administrators, and gain access to their accounts."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:35:18.878Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ff4243e9-cf72-40d5-bc7d-204426024a1d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/optional-email/tags/1.3.11/optional-email.php?marks=44,51#L44"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-19T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2026-01-06T19:57:29.000Z",
"value": "Disclosed"
}
],
"title": "Optional Email \u003c= 1.3.11 - Unauthenticated Privilege Escalation to Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-15018",
"datePublished": "2026-01-07T08:21:57.437Z",
"dateReserved": "2025-12-22T02:54:37.143Z",
"dateUpdated": "2026-04-08T17:35:18.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15001 (GCVE-0-2025-15001)
Vulnerability from cvelistv5 – Published: 2026-01-06 04:31 – Updated: 2026-04-08 16:41- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| fsylum | FS Registration Password |
Affected:
0 , ≤ 1.0.1
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T14:36:55.437355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T14:37:02.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FS Registration Password",
"vendor": "fsylum",
"versions": [
{
"lessThanOrEqual": "1.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Drew Webber"
}
],
"descriptions": [
{
"lang": "en",
"value": "The FS Registration Password plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user\u0027s identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user\u0027s passwords, including administrators, and leverage that to gain access to their account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:41:37.094Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/22351b90-fc34-44ce-9241-4a0f01eb7b1c?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/registration-password/tags/1.0.1/src/WP/Auth.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3431651/registration-password"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-05T16:31:31.000Z",
"value": "Disclosed"
}
],
"title": "FS Registration Password \u003c= 1.0.1 - Unauthenticated Privilege Escalation via Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-15001",
"datePublished": "2026-01-06T04:31:55.460Z",
"dateReserved": "2025-12-20T18:36:03.748Z",
"dateUpdated": "2026-04-08T16:41:37.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14998 (GCVE-0-2025-14998)
Vulnerability from cvelistv5 – Published: 2026-01-02 01:48 – Updated: 2026-04-08 17:15- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| wpmudev | Branda – White Label & Branding, Free Login Page Customizer |
Affected:
0 , ≤ 3.4.24
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14998",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-05T20:33:41.996720Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T20:39:35.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Branda \u2013 White Label \u0026 Branding, Free Login Page Customizer",
"vendor": "wpmudev",
"versions": [
{
"lessThanOrEqual": "3.4.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Drew Webber"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user\u0027s identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user\u0027s passwords, including administrators, and leverage that to gain access to their account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:15:21.481Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae46be82-570f-4172-9c3f-746b894b84b9?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/branda-white-labeling/tags/3.4.24/inc/modules/login-screen/signup-password.php#L24"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3429115/branda-white-labeling#file1749"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-20T15:17:14.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-01-01T13:29:04.000Z",
"value": "Disclosed"
}
],
"title": "Branda \u2013 White Label \u0026 Branding, Free Login Page Customizer \u003c= 3.4.24 - Unauthenticated Privilege Escalation via Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-14998",
"datePublished": "2026-01-02T01:48:20.495Z",
"dateReserved": "2025-12-20T15:01:44.895Z",
"dateUpdated": "2026-04-08T17:15:21.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14996 (GCVE-0-2025-14996)
Vulnerability from cvelistv5 – Published: 2026-01-06 04:31 – Updated: 2026-04-08 16:33- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| aksharsoftsolutions | AS Password Field In Default Registration Form |
Affected:
0 , ≤ 2.0.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T14:39:41.134842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T14:40:55.821Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AS Password Field In Default Registration Form",
"vendor": "aksharsoftsolutions",
"versions": [
{
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Drew Webber"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AS Password Field In Default Registration Form plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not properly validating a user\u0027s identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user\u0027s passwords, including administrators, and leverage that to gain access to their account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:33:37.050Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/061f022b-b922-4499-bb34-8ea91ba5ace3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/as-password-field-in-default-registration-form/tags/2.0.0/as-password-field-default-registration.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-05T16:08:45.000Z",
"value": "Disclosed"
}
],
"title": "AS Password Field In Default Registration Form \u003c= 2.0.0 - Unauthenticated Privilege Escalation via Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-14996",
"datePublished": "2026-01-06T04:31:54.884Z",
"dateReserved": "2025-12-20T12:33:41.264Z",
"dateUpdated": "2026-04-08T16:33:37.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14974 (GCVE-0-2025-14974)
Vulnerability from cvelistv5 – Published: 2026-03-25 20:20 – Updated: 2026-03-28 01:45- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7266723 | vendor-advisorypatch |
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | InfoSphere Information Server |
Affected:
11.7.0.0 , ≤ 11.7.1.6
(semver)
cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14974",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-28T01:45:02.979931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-28T01:45:31.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"
],
"product": "InfoSphere Information Server",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.7.1.6",
"status": "affected",
"version": "11.7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR).\u003c/p\u003e"
}
],
"value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T20:20:27.484Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7266723"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion(s)\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM InfoSphere Information Server\u003c/td\u003e\u003ctd\u003e11.7.0.0 to 11.7.1.6\u003c/td\u003e\u003ctd\u003e\u003ca title=\"DT458648\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000008daT/dt458648\" rel=\"nofollow\"\u003eDT458648\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e--Apply IBM InfoSphere Information Server version\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/pages/node/878310\" target=\"_blank\" rel=\"noopener noreferrer nofollow\"\u003e11.7.1.0\u003c/a\u003e\u0026nbsp;\u003cbr\u003e--Apply IBM InfoSphere Information Server version\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/pages/node/7182872\" rel=\"nofollow\"\u003e11.7.1.6\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e--Apply IBM InfoSphere Information Server\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/pages/node/7260779\" rel=\"nofollow\"\u003e11.7.1.6 Service pack 2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "ProductVersion(s)APARRemediationIBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT458648 https://www.ibm.com/mysupport/s/defect/aCIgJ0000008daT/dt458648 --Apply IBM InfoSphere Information Server version\u00a0 11.7.1.0 https://www.ibm.com/support/pages/node/878310 \u00a0\n--Apply IBM InfoSphere Information Server version\u00a0 11.7.1.6 https://www.ibm.com/support/pages/node/7182872 \n\n--Apply IBM InfoSphere Information Server\u00a0 11.7.1.6 Service pack 2 https://www.ibm.com/support/pages/node/7260779"
}
],
"title": "IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-14974",
"datePublished": "2026-03-25T20:20:27.484Z",
"dateReserved": "2025-12-19T15:09:58.873Z",
"dateUpdated": "2026-03-28T01:45:31.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14882 (GCVE-0-2025-14882)
Vulnerability from cvelistv5 – Published: 2025-12-19 12:24 – Updated: 2025-12-19 13:50- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://pretix.eu/about/en/blog/20251218-release-… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| pretix | pretix-offlinesales |
Affected:
1.12.0 , ≤ 1.12.1
(python)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14882",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T13:50:11.991702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T13:50:26.039Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://marketplace.pretix.eu/",
"defaultStatus": "unaffected",
"packageName": "pretix-offlinesales",
"product": "pretix-offlinesales",
"vendor": "pretix",
"versions": [
{
"lessThanOrEqual": "1.12.1",
"status": "affected",
"version": "1.12.0",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only."
}
],
"value": "An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 3.8,
"baseSeverity": "LOW",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T12:24:01.241Z",
"orgId": "655498c3-6ec5-4f0b-aea6-853b334d05a6",
"shortName": "rami.io"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pretix.eu/about/en/blog/20251218-release-2025-10-1/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Insecure direct object reference",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "655498c3-6ec5-4f0b-aea6-853b334d05a6",
"assignerShortName": "rami.io",
"cveId": "CVE-2025-14882",
"datePublished": "2025-12-19T12:24:01.241Z",
"dateReserved": "2025-12-18T11:52:58.280Z",
"dateUpdated": "2025-12-19T13:50:26.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.