Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,800 vulnerabilities with CWE-639

CVE-2024-55231 MEDIUM

PHPGurukul Online Notes Sharing Management System 1.0 - Insecure Direct Object Reference

CVE-2024-4464 HIGH

Synology Media Server <2.2.0-3325 - Auth Bypass

CVE-2024-12061 MEDIUM

Events Addon for Elementor <= 2.2.3 - Authenticated Information Exposure via naevents_elementor_template Shortcode

CVE-2024-9819 MEDIUM

NextGeography NG Analyser <2.2.711 - Auth Bypass

CVE-2024-10690 MEDIUM

Shortcodes for Elementor <= 1.0.4 - Authenticated Information Exposure via SHORTCODE_ELEMENTOR Shortcode

CVE-2024-12447 MEDIUM

Get Post Content Shortcode <0.4 - Insecure Direct Object Reference

CVE-2024-12309 MEDIUM

Rate My Post - Star Rating Plugin <4.2.4 - Info Disclosure

CVE-2024-11275 MEDIUM

WP Timetics <1.0.27 - Info Disclosure

CVE-2024-11181 MEDIUM

Greenshift <= 9.9.9.3 - Authenticated Information Exposure via wp_reusable_render Shortcode

CVE-2024-12059 MEDIUM

ElementInvader Addons for Elementor <= 1.3.1 - Sensitive Information Exposure via eli_option_value

CVE-2024-12483 LOW

Dromara UJCMS <= 9.6.3 - Authorization Bypass in User ID Handler

CVE-2024-12306 MEDIUM

Unifiedtransform 2.0 - Info Disclosure

CVE-2024-12305 MEDIUM

Unifiedtransform 2.0 - Info Disclosure

CVE-2024-10692 MEDIUM

PowerPack Elementor Addons <2.8.1 - Info Disclosure

CVE-2024-10689 MEDIUM

XLTab <= 1.4 - Authenticated Information Exposure via XLTAB_INSERT_TPL Shortcode

CVE-2024-10777 MEDIUM

AnyWhere Elementor <1.2.11 - Info Disclosure

CVE-2024-10787 MEDIUM

LA-Studio Element Kit for Elementor <= 1.4.4 - Authenticated Information Exposure via 'elementor-template' Shortcode

CVE-2024-12099 MEDIUM

Dollie Hub <= 6.2.0 - Authenticated Information Exposure via 'elementor-template' Shortcode

CVE-2024-42422 HIGH

Dell NetWorker 19.10 - Info Disclosure

CVE-2024-12062 MEDIUM

Charity Addon for Elementor <= 1.3.3 - Authenticated Information Exposure via 'nacharity_elementor_template' Shortcode

CVE-2024-53617 MEDIUM

LibrePhotos - Cross-Site Scripting and Authorization Bypass via File Upload

CVE-2024-38827 MEDIUM

Spring Security Core < 5.7.14 - Authorization Bypass via Locale-Dependent String Case Conversion

CVE-2024-10798 MEDIUM

Royal Elementor Addons and Templates < 1.7.1003 - Authenticated Information Exposure via wpr-template Shortcode

CVE-2024-10780 MEDIUM

Elementor Restaurant & Cafe Addon <= 1.5.9 - Authenticated Information Exposure

CVE-2024-10670 MEDIUM

Primary Addon for Elementor <= 1.6.2 - Authenticated Information Exposure via Shortcode

Previous Page 42 of 72 Next

Details

Vulnerabilities 1,800

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy