CWE-639— Authorization Bypass Through User-Controlled Key (IDOR)
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.— MITRE CWE catalog
1,857 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-639page 20 of 38
- CVE-2025-14101HIGHCVSS 7.1EG 7.12025-12-17
Authorization Bypass Through User-Controlled Key vulnerability in GG Soft Software Services Inc. PaperWork allows Exploitation of Trusted Identifiers. This issue affects PaperWork: from 5.2.0.9427 before 6.0.
- CVE-2025-14356MEDIUMCVSS 4.3EG 4.32025-12-12
The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7_get_generated_pdf' function in all versions up to, and including, 3.5.33. This makes it p…
- CVE-2025-14459HIGHCVSS 8.5EG 8.52026-01-26
A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC sourc…
- CVE-2025-14594LOWCVSS 3.5EG 3.52026-02-11
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to view certain pipeline val…
- CVE-2025-1469HIGHCVSS 7.5EG 7.52025-07-21
Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers. This issue affects Eyotek: before 11.03.2025.
- CVE-2025-14742MEDIUMCVSS 4.3EG 4.32026-02-25
The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_search_recipes' and 'ajax_get_recipe' functions in all versions up to, and including, 10.2.3. This makes i…
- CVE-2025-14772HIGHCVSS 8.8EG 8.82026-06-03
Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
- CVE-2025-14802MEDIUMCVSS 5.4EG 5.42026-01-07
The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to unauthorized file deletion in versions up to, and including, 4.3.2.2 via the /wp-json/lp/v1/material/{file_id} REST API endpoint. This is due to a parameter mismatch be…
- CVE-2025-14844HIGHCVSS 8.2EG 8.22026-01-16
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcp_stripe_create_setup_intent_for_saved_card' function due to missing capability…
- CVE-2025-14881LOWCVSS 3.8EG 3.82025-12-19
Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only.
- CVE-2025-14882LOWCVSS 3.8EG 3.82025-12-19
An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only.
- CVE-2025-14996CRITICALCVSS 9.8EG 9.82026-01-06
The AS Password Field In Default Registration Form plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not properly validating a user's iden…
- CVE-2025-14998CRITICALCVSS 9.8EG 9.82026-01-02
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. …
- CVE-2025-15001CRITICALCVSS 9.8EG 9.82026-01-06
The FS Registration Password plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating…
- CVE-2025-15018CRITICALCVSS 9.8EG 9.82026-01-07
The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in all versions up to, and including, 1.3.11. This is due to the plugin not restricting its 'random_password' filter to registration context…
- CVE-2025-15025HIGHCVSS 8.8EG 8.82026-05-14
Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers. This…
- CVE-2025-15096HIGHCVSS 8.8EG 8.82026-02-11
The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to upd…
- CVE-2025-15106MEDIUMCVSS 6.3EG 6.32025-12-27
A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper auth…
- CVE-2025-15147MEDIUMCVSS 4.3EG 4.32026-02-10
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvm_Memberships_Payment_Controller:…
- CVE-2025-15370MEDIUMCVSS 4.3EG 4.32026-01-16
The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing va…
- CVE-2025-15521CRITICALCVSS 9.8EG 9.82026-01-21
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly va…
- CVE-2025-15582MEDIUMCVSS 5.4EG 5.42026-02-20
A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the argument ID results in authorization bypas…
- CVE-2025-15626MEDIUMCVSS 5.3EG 5.32026-04-27
Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application
- CVE-2025-15657MEDIUMCVSS 5.3EG 5.32026-06-17
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
- CVE-2025-1607MEDIUMCVSS 4.3EG 4.32025-02-24
A vulnerability, which was classified as problematic, has been found in SourceCodester Best Employee Management System 1.0. This issue affects some unknown processing of the file /admin/salary_slip.php. The manipulation of the argument id …
- CVE-2025-1667HIGHCVSS 8.8EG 8.82025-03-15
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpsp_UpdateTeacher() function in all versions up to, and including, 2.2.16. This makes it po…
- CVE-2025-20114MEDIUMCVSS 4.3EG 4.32025-05-21
A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validatio…
- CVE-2025-20214MEDIUMCVSS 4.3EG 4.32025-05-07
A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized read access to configuration or operational data. This vulnerability…
- CVE-2025-2125MEDIUMCVSS 4.3EG 4.32025-03-09
A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovante_marcacao/?companyId=1 of the component PDF Document Handler. The man…
- CVE-2025-22422HIGHCVSS 7.8EG 7.82025-09-02
In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be used in another due to a logic error in the code. This could lead to local escalation of privilege…
- CVE-2025-22608MEDIUMCVSS 6.5EG 6.52025-01-24
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to revoke any team invitations on a Coolify instan…
- CVE-2025-22695MEDIUMCVSS 4.3EG 4.32025-02-03
Authorization Bypass Through User-Controlled Key vulnerability in NirWp Team Nirweb support nirweb-support.This issue affects Nirweb support: from n/a through <= 3.0.3.
- CVE-2025-2271HIGHCVSS 7.7EG 7.72025-03-13
A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference (IDOR) vulnerability in the Issuetrak audit component. The vul…
- CVE-2025-22931HIGHCVSS 7.5EG 7.52025-04-03
An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members.
- CVE-2025-2301MEDIUMCVSS 4.4EG 4.42025-07-21
Authorization Bypass Through User-Controlled Key vulnerability in Akbim Software Online Exam Registration allows Exploitation of Trusted Identifiers. This issue affects Online Exam Registration: before 14.03.2025.
- CVE-2025-24315MEDIUMCVSS 5.3EG 5.32025-04-15
Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of other arbitrary users).
- CVE-2025-24487MEDIUMCVSS 5.3EG 5.32025-04-15
An unauthenticated attacker can infer the existence of usernames in the system by querying an API.
- CVE-2025-24850MEDIUMCVSS 5.3EG 5.32025-04-15
An attacker can export other users' plant information.
- CVE-2025-24969MEDIUMCVSS 5.0EG 5.02025-05-14
iTop is an web based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contacts picture by changing the picture ID in the URL. Version 3.2.1 contains a patch for the issue.
- CVE-2025-24976MEDIUMCVSS 6.6EG 6.62025-02-11
Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication …
- CVE-2025-2526HIGHCVSS 8.8EG 8.82025-04-08
The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details li…
- CVE-2025-25276MEDIUMCVSS 5.3EG 5.32025-04-15
An unauthenticated attacker can hijack other users' devices and potentially control them.
- CVE-2025-25282HIGHCVSS 8.1EG 8.12025-02-21
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability that may lead to unauthorized cross-ten…
- CVE-2025-25777HIGHCVSS 8.0EG 8.02025-04-24
Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentic…
- CVE-2025-25952MEDIUMCVSS 6.5EG 6.52025-03-03
An Insecure Direct Object References (IDOR) in the component /getStudemtAllDetailsById?studentId=XX of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user informati…
- CVE-2025-26660MEDIUMCVSS 4.3EG 4.32025-03-11
SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass ac…
- CVE-2025-26788HIGHCVSS 8.4EG 8.42025-02-14
StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a discoverable transaction.
- CVE-2025-26857MEDIUMCVSS 5.3EG 5.32025-04-15
Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers).
- CVE-2025-26965MEDIUMCVSS 5.3EG 5.32025-02-25
Authorization Bypass Through User-Controlled Key vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Amelia: from n/a through <= 1.2.16.
- CVE-2025-26977LOWCVSS 3.8EG 3.82025-02-25
Authorization Bypass Through User-Controlled Key vulnerability in Ninja Team Filebird filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through <= 6.4.2.1.
Map vulnerabilities like CWE-639 to your infrastructure
EchelonGraph correlates every CVE — across CWE-639 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →