Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,791 vulnerabilities with CWE-639

CVE-2025-14844 HIGH

Membership Plugin - Restrict Content <= 3.2.16 - Unauthenticated Stripe SetupIntent Secret Leak

CVE-2025-15370 MEDIUM

Shield: Blocks Bots - Insecure Direct Object Reference

CVE-2025-64516 HIGH

GLPI 10.0.0-10.0.20 - Unauthenticated Document Access via Public FAQ

CVE-2025-68492 MEDIUM

Chainlit < 2.8.5 - Authorization Bypass via User-Controlled Key

CVE-2025-40805 CRITICAL

Siemens Industrial Edge Cloud Device and Device Kit - Authentication Bypass

CVE-2025-41077 HIGH

Viafirma Inbox < 4.5.27 - Authenticated Insecure Direct Object Reference

CVE-2025-69274 HIGH

Broadcom DX NetOps Spectrum < 24.3.11 - Privilege Escalation via Authorization Bypass

CVE-2025-13457 HIGH

WooCommerce Square <5.1.1 - Info Disclosure

CVE-2025-4596 MEDIUM

Asseco ADMX <6.09.01.62 - Info Disclosure

CVE-2025-67919 MEDIUM

WofficeIO Woffice Core <5.4.30 - Auth Bypass

CVE-2025-15018 CRITICAL

WordPress Optional Email <1.3.11 - Privilege Escalation

CVE-2025-14802 MEDIUM

LearnPress - WordPress LMS Plugin <4.3.2.2 - Info Disclosure

CVE-2025-12030 MEDIUM

ACF to REST API <3.3.4 - Insecure Direct Object Reference

CVE-2025-15001 CRITICAL

FS Registration Password <1.0.1 - Privilege Escalation

CVE-2025-14996 CRITICAL

WordPress Default Registration Form <2.0.0 - Privilege Escalation

CVE-2025-68044 HIGH

Rustaurius Five Star Restaurant Reservations <2.7.9 - Auth Bypass

CVE-2025-14998 CRITICAL

Branda WordPress <3.4.24 - Privilege Escalation

CVE-2025-49352 MEDIUM

YoOhw Studio Order Cancellation & Returns for WooCommerce - Auth By...

CVE-2025-49334 MEDIUM

MyD Delivery <= 1.7.1 - Authorization Bypass Through User-Controlled Key

CVE-2025-63053 MEDIUM

Jewel Theme Master Addons for Elementor <2.0.9.9.4 - Auth Bypass

CVE-2025-69032 MEDIUM

FiveStar <= 1.7 - Authorization Bypass via User-Controlled Key

CVE-2025-69030 MEDIUM

Backpack Traveler <= 2.10.3 - Authorization Bypass Through User-Controlled Key

CVE-2025-69029 MEDIUM

Select-Themes Struktur <2.5.1 - Auth Bypass

CVE-2025-68997 MEDIUM

wpDiscuz <= 7.6.43 - Authorization Bypass Through User-Controlled Key

CVE-2025-68979 MEDIUM

SimpleCalendar Google Calendar Events <3.5.9 - Auth Bypass

Previous Page 24 of 72 Next

Details

Vulnerabilities 1,791

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy