Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,796 vulnerabilities with CWE-639

CVE-2024-13694 HIGH

WooCommerce Wishlist < 1.8.7 - Unauthenticated Insecure Direct Object Reference via download_pdf_file()

CVE-2024-13457 MEDIUM

WordPress - Insecure Direct Object Reference

CVE-2024-10497 HIGH

PowerLogic HDPM6000 v0.62.7 - Authenticated Privilege Escalation via Modified HTTPS Requests

CVE-2024-11146 MEDIUM

TrueFiling <3.1.112.19 - Info Disclosure

CVE-2024-10775 MEDIUM

Piotnet Addons For Elementor <2.4.32 - Info Disclosure

CVE-2024-12116 MEDIUM

Unlimited Theme Addon For Elementor & WooCommerce <1.2.1 - Info Dis...

CVE-2024-11915 MEDIUM

RRAddons for Elementor < 1.1.0 - Authenticated Information Exposure via Popup Block

CVE-2024-42169 HIGH

HCL MyXalytics - Authorization Bypass via Insecure Direct Object Reference

CVE-2024-12472 MEDIUM

Post Duplicator < 2.36 - Authenticated Information Exposure via mtphr_duplicate_post()

CVE-2024-10215 CRITICAL

WPBookit <1.6.4 - Privilege Escalation

CVE-2024-44450 MEDIUM

AIMS eCrew - Authorization Bypass Through User-Controlled Key

CVE-2024-12131 MEDIUM

WP Job Portal < 2.2.5 - Authenticated Insecure Direct Object Reference via User-Controlled Key

CVE-2024-12132 MEDIUM

WP Job Portal < 2.2.4 - Authenticated Insecure Direct Object Reference via User-Controlled Key

CVE-2024-13040 HIGH

QOCA aim - Authorization Bypass via User ID Parameter

CVE-2024-52294 MEDIUM

Khoj < 1.29.10 - Authenticated Insecure Direct Object Reference in Subscription Endpoint

CVE-2024-12335 MEDIUM

Avada (Fusion) Builder <= 3.11.12 - Authenticated Information Exposure via handle_clone_post Function

CVE-2024-12103 MEDIUM

Content No Cache: prevent specific content from being cached <0.1.2...

CVE-2024-10797 MEDIUM

Full Screen Menu for Elementor <= 1.0.7 - Authenticated Information Exposure via Elementor Widget

CVE-2024-55471 MEDIUM

Oqtane.Framework - Insecure Direct Object Reference in UserController via ID Parameter

CVE-2024-55186 MEDIUM

Oqtane.Framework 6.0.0 - Authenticated Insecure Direct Object Reference via Notification ID Manipulation

CVE-2024-55506 HIGH

CodeAstro Complaint Management System v1.0 - Authorization Bypass via delete.php id Parameter

CVE-2024-55231 MEDIUM

PHPGurukul Online Notes Sharing Management System 1.0 - Insecure Direct Object Reference

CVE-2024-4464 HIGH

Synology Media Server <2.2.0-3325 - Auth Bypass

CVE-2024-12061 MEDIUM

Events Addon for Elementor <= 2.2.3 - Authenticated Information Exposure via naevents_elementor_template Shortcode

CVE-2024-9819 MEDIUM

NextGeography NG Analyser <2.2.711 - Auth Bypass

Previous Page 41 of 72 Next

Details

Vulnerabilities 1,796

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy