CWE-639— Authorization Bypass Through User-Controlled Key (IDOR)
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.— MITRE CWE catalog
1,857 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-639page 22 of 38
- CVE-2025-3625HIGHCVSS 7.1EG 7.12025-04-25
A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA…
- CVE-2025-3636MEDIUMCVSS 4.3EG 4.32025-04-25
A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks.
- CVE-2025-36365MEDIUMCVSS 6.8EG 6.82026-01-30
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due t…
- CVE-2025-3640MEDIUMCVSS 4.3EG 4.32025-04-25
A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.
- CVE-2025-3769MEDIUMCVSS 5.3EG 5.32025-05-14
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.92 via the 'view_booking_summary_in_lightbox' due to mis…
- CVE-2025-3810CRITICALCVSS 9.8EG 9.82025-05-09
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details l…
- CVE-2025-3811CRITICALCVSS 9.8EG 9.82025-05-09
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details l…
- CVE-2025-3853MEDIUMCVSS 6.5EG 6.52025-05-07
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callback_generate_api_key() due to missing validation on a user controlled key. This makes it possible fo…
- CVE-2025-3874MEDIUMCVSS 6.5EG 6.52025-05-01
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 due to lack of randomization of a user controlled key. This makes it possible for unauthe…
- CVE-2025-3889MEDIUMCVSS 5.3EG 5.32025-05-01
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 via the 'process_payment_data' due to missing validation on a user controlled key. This m…
- CVE-2025-39434MEDIUMCVSS 4.3EG 4.32025-04-17
Authorization Bypass Through User-Controlled Key vulnerability in Scott Taylor Avatar avatar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Avatar: from n/a through <= 0.1.4.
- CVE-2025-4040HIGHCVSS 7.1EG 7.12025-07-21
Authorization Bypass Through User-Controlled Key vulnerability in Turpak Automatic Station Monitoring System allows Privilege Escalation. This issue affects Automatic Station Monitoring System: before 5.0.6.51.
- CVE-2025-40650HIGHCVSS 8.7EG 8.72025-05-26
Insecure Direct Object Reference (IDOR) vulnerability in Clickedu. This vulnerability could allow an attacker to retrieve information about student report cards.
- CVE-2025-40658HIGHCVSS 7.5EG 7.52025-06-10
An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/f…
- CVE-2025-40659HIGHCVSS 7.5EG 7.52025-06-10
An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/f…
- CVE-2025-40660HIGHCVSS 7.5EG 7.52025-06-10
An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/select node/dat…
- CVE-2025-40661HIGHCVSS 7.5EG 7.52025-06-10
An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/s…
- CVE-2025-40676MEDIUMCVSS 5.3EG 5.32025-10-07
Insecure Direct Object Reference (IDOR) in Negotiator v3.15.2 from Biobanking and Biomolecular Resources - European Research Infrastructure (BBMRI-ERIC). This vulnerability allows an attacker to access or modify unauthorised resources by m…
- CVE-2025-40773LOWCVSS 3.5EG 3.52025-10-14
A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attac…
- CVE-2025-40805CRITICALCVSS 10.0EG 10.02026-01-13
Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requir…
- CVE-2025-41020HIGHCVSS 7.5EG 7.52025-10-16
Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticket_a4.php'.
- CVE-2025-41069MEDIUMCVSS 5.3EG 5.32025-11-13
Insecure Direct Object Reference (IDOR) vulnerability in DeporSite of T-INNOVA. This vulnerability allows an attacker to access or modify unauthorized resources by manipulating requests using the 'idUsuario' parameter in ‘/ajax/TInnova_v…
- CVE-2025-41077HIGHCVSS 8.1EG 8.12026-01-12
IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user's email addresses to be modified and…
- CVE-2025-41086MEDIUMCVSS 6.5EG 6.52025-12-02
Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and t…
- CVE-2025-41091MEDIUMCVSS 4.3EG 4.32025-09-30
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access to calendar details u…
- CVE-2025-41092MEDIUMCVSS 4.3EG 4.32025-09-30
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access to time records detai…
- CVE-2025-41093MEDIUMCVSS 4.3EG 4.32025-09-30
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access to basic contract de…
- CVE-2025-41094MEDIUMCVSS 4.3EG 4.32025-09-30
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access to functional contra…
- CVE-2025-41095MEDIUMCVSS 4.3EG 4.32025-09-30
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access to planning counter d…
- CVE-2025-41096MEDIUMCVSS 4.3EG 4.32025-09-30
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access to the dates of the c…
- CVE-2025-41097MEDIUMCVSS 4.3EG 4.32025-09-30
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access to basic employee de…
- CVE-2025-41098HIGHCVSS 7.5EG 7.52025-09-30
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a misuse of the general enquiry web service.
- CVE-2025-41099MEDIUMCVSS 6.5EG 6.52025-09-30
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user to access to the list of permis…
- CVE-2025-4119MEDIUMCVSS 5.3EG 5.32025-04-30
A vulnerability classified as critical was found in Weitong Mall 1.0.0. This vulnerability affects unknown code of the file /queryTotal of the component Product Statistics Handler. The manipulation of the argument isDelete with the input 1…
- CVE-2025-4129HIGHCVSS 7.5EG 7.52025-07-21
Authorization Bypass Through User-Controlled Key vulnerability in PAVO Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: before 13.05.2025.
- CVE-2025-41358HIGHCVSS 8.3EG 8.32025-12-10
Direct Object Reference Vulnerability (IDOR) in i2A's CronosWeb, in versions prior to 25.00.00.12, inclusive. This vulnerability could allow an authenticated attacker to access other users' documents by manipulating the ‘documentCode’ …
- CVE-2025-4210HIGHCVSS 7.3EG 7.32025-05-02
A vulnerability classified as critical was found in Casdoor up to 1.811.0. This vulnerability affects the function HandleScim of the file controllers/scim.go of the component SCIM User Creation Endpoint. The manipulation leads to authoriza…
- CVE-2025-42605CRITICALCVSS 9.3EG 9.32025-04-23
This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on certain API endpoints for the initiation, modification, or cancellation operations. An authenticated remote attacker could exploit this vulnerabi…
- CVE-2025-43724MEDIUMCVSS 4.4EG 4.42025-10-08
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authorization bypass through user-controlled key vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain unauthorized a…
- CVE-2025-43732LOWCVSS 2.7EG 2.72025-08-18
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vul…
- CVE-2025-43782MEDIUMCVSS 4.3EG 4.32025-09-11
Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.7, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote authenticated users to a…
- CVE-2025-43790HIGHCVSS 8.1EG 8.12025-09-11
Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote authenticated users to fr…
- CVE-2025-43803MEDIUMCVSS 4.3EG 4.32025-09-19
Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 G…
- CVE-2025-43810MEDIUMCVSS 4.3EG 4.32025-09-22
Insecure Direct Object Reference (IDOR) vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remot…
- CVE-2025-43827MEDIUMCVSS 4.3EG 4.32025-09-30
Insecure Direct Object Reference (IDOR) vulnerability with audit events in Liferay Portal 7.4.0 through 7.4.3.117, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through…
- CVE-2025-4596MEDIUMCVSS 5.3EG 5.32026-01-08
Asseco ADMX system is used for processing medical records. It allows logged in users to access medical files belonging to other users through manipulation of GET arguments containing document IDs. This issue has been fixed in 6.09.01.62 ve…
- CVE-2025-45968CRITICALCVSS 9.8EG 9.82025-08-25
An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference (IDOR) vulnerability, which occurs due to a lack of proper a…
- CVE-2025-46386HIGHCVSS 8.8EG 8.82025-08-06
CWE-639 Authorization Bypass Through User-Controlled Key
- CVE-2025-46387HIGHCVSS 8.8EG 8.82025-08-06
CWE-639 Authorization Bypass Through User-Controlled Key
- CVE-2025-4691MEDIUMCVSS 5.3EG 5.32025-05-31
The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'view_request_details' due to mi…
Map vulnerabilities like CWE-639 to your infrastructure
EchelonGraph correlates every CVE — across CWE-639 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →