Weaknesses of type CWE-639
1,587 resultsCVE-2025-40650HIGHInsecure Direct Object Reference (IDOR) in ClickeduEPSS 0.3%CVE-2026-40043HIGHPachno 1.0.6 Authentication Bypass via runSwitchUser()EPSS 0.3%CVE-2025-68051HIGHWordPress Shiprocket plugin <= 2.0.8 - Insecure Direct Object References (IDOR) vulnerabilityEPSS 0.3%CVE-2025-50340MEDIUMAn Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send eEPSS 0.3%CVE-2025-68997MEDIUMWordPress wpDiscuz plugin <= 7.6.43 - Insecure Direct Object References (IDOR) vulnerabilityEPSS 0.3%CVE-2026-35584MEDIUMFreeScout has an Unauthenticated IDOR in Open Tracking Endpoint Allows Cross-Conversation Thread Manipulation and EnumerationEPSS 0.3%CVE-2026-6965MEDIUMTutor LMS <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion via 'course' GET ParameterEPSS 0.3%CVE-2025-5261HIGHIDOR in PozitifIK's Pik OnlineEPSS 0.3%CVE-2024-52313MEDIUMdata.all authenticated users can obtain incorrect object level authorizationsEPSS 0.3%CVE-2025-11519MEDIUMImage optimization service by Optimole <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Author+) Media OffloadEPSS 0.3%CVE-2025-9835MEDIUMmacrozheng mall cancelUserOrder cancelOrder authorizationEPSS 0.3%CVE-2026-34832MEDIUMScoold: Cross-Account Feedback Deletion (IDOR)EPSS 0.3%CVE-2024-12131MEDIUMWP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.5- Authenticated (Subscriber+) Insecure Direct Object ReferenceEPSS 0.3%CVE-2026-35478HIGHInvenTree has Arbitrary API Token CreationEPSS 0.3%CVE-2024-10779MEDIUMCowidgets – Elementor Addons <= 1.2.0 - Authenticated (Contributor+) Post DisclosureEPSS 0.3%CVE-2026-28503MEDIUMTandoor Recipes has Cross-Space IDOR in SyncViewSet.query_synced_folder: missing space scoping on get_object_or_404EPSS 0.3%CVE-2026-4630MEDIUMKeycloak: keycloak: unauthorized resource access and data modification via insecure direct object referenceEPSS 0.3%CVE-2024-12309MEDIUMRate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled PostsEPSS 0.3%CVE-2024-13873MEDIUMWP Job Portal <= 2.2.8 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo DisconnectionEPSS 0.3%CVE-2025-3889MEDIUMWordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference via 'quantity'EPSS 0.3%