Weaknesses of type CWE-639
1,585 results

CVE-2026-2028 | MEDIUM | Maxi Blocks <= 2.1.8 - Missing Authorization to Authenticated (Author+) Media File Deletion via 'old_media_src' Parameter | EPSS 0.3%
CVE-2024-10795 | MEDIUM | Popularis Extra <= 1.2.7 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2024-31296 | MEDIUM | WordPress BookingPress plugin <= 1.0.81 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2024-11146 | MEDIUM | TrueFiling authorization bypass via user-controlled keys | EPSS 0.3%
CVE-2022-3459 | MEDIUM | WooCommerce Multiple Free Gift <= 1.2.3 - Insufficient Server-Side Validation to Arbitrary Gift Adding | EPSS 0.3%
CVE-2025-14996 | CRITICAL | AS Password Field In Default Registration Form <= 2.0.0 - Unauthenticated Privilege Escalation via Account Takeover | EPSS 0.3%
CVE-2026-26016 | CRITICAL | Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization | EPSS 0.3%
CVE-2025-3640 | MEDIUM | Moodle: idor in web service allows users enrolled in a course to access some details of other users | EPSS 0.3%
CVE-2024-10925 | MEDIUM | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.3%
CVE-2026-28444 | MEDIUM | Typebot: IDOR in Result Logs Endpoint Allows Cross-Workspace Data Disclosure | EPSS 0.3%
CVE-2025-15096 | HIGH | Videospirecore Theme Plugin <= 1.0.6 - Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover | EPSS 0.3%
CVE-2026-1271 | MEDIUM | ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification | EPSS 0.3%
CVE-2026-25324 | MEDIUM | WordPress Quiz And Survey Master plugin <= 10.3.4 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2025-49978 | MEDIUM | WordPress JobSearch plugin < 3.0.6 - Insecure Direct Object References (IDOR) Vulnerability | EPSS 0.3%
CVE-2026-45732 | HIGH | n8n: Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints | EPSS 0.3%
CVE-2026-27329 | MEDIUM | WordPress YITH WooCommerce Wishlist plugin <= 4.12.0 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2025-58012 | LOW | WordPress Content Mask plugin <= 1.8.5.3 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2025-63065 | MEDIUM | WordPress Media Library Assistant plugin <= 3.29 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2026-24599 | MEDIUM | WordPress NextMove Lite plugin <= 2.23.0 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-6612 | MEDIUM | TransformerOptimus SuperAGI Agent Execution Endpoint agent_execution.py update_agent_execution authorization | EPSS 0.3%