Common Weakness Enumeration

CWE-639

Allowed

Authorization Bypass Through User-Controlled Key

Abstraction: Base · Status: Incomplete

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

3239 vulnerabilities reference this CWE, most recent first.

CVE-2026-22407 (GCVE-0-2026-22407)

Vulnerability from cvelistv5 – Published: 2026-01-22 16:52 – Updated: 2026-04-28 16:56
VLAI
Title
WordPress Roam theme <= 2.1.1 - Insecure Direct Object References (IDOR) vulnerability
Summary
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through <= 2.1.1.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
Vendor Product Version
Mikado-Themes Roam Affected: 0 , ≤ 2.1.1 (custom)
Create a notification for this product.
Date Public
2026-04-22 14:21
Credits
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22407",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-27T18:37:12.383807Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-28T16:56:45.316Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "roam",
          "product": "Roam",
          "vendor": "Mikado-Themes",
          "versions": [
            {
              "lessThanOrEqual": "2.1.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"
        }
      ],
      "datePublic": "2026-04-22T14:21:14.365Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Roam: from n/a through \u003c= 2.1.1.\u003c/p\u003e"
            }
          ],
          "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through \u003c= 2.1.1."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:14:43.253Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/Wordpress/Theme/roam/vulnerability/wordpress-roam-theme-2-1-1-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
        }
      ],
      "title": "WordPress Roam theme \u003c= 2.1.1 - Insecure Direct Object References (IDOR) vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2026-22407",
    "datePublished": "2026-01-22T16:52:37.888Z",
    "dateReserved": "2026-01-07T12:21:56.449Z",
    "dateUpdated": "2026-04-28T16:56:45.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22406 (GCVE-0-2026-22406)

Vulnerability from cvelistv5 – Published: 2026-01-22 16:52 – Updated: 2026-04-28 16:56
VLAI
Title
WordPress Overton theme <= 1.3 - Insecure Direct Object References (IDOR) vulnerability
Summary
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: from n/a through <= 1.3.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
Vendor Product Version
Mikado-Themes Overton Affected: 0 , ≤ 1.3 (custom)
Create a notification for this product.
Date Public
2026-04-22 14:21
Credits
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22406",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-27T18:37:34.012006Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-28T16:56:36.673Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://themeforest.net",
          "defaultStatus": "unaffected",
          "packageName": "overton",
          "product": "Overton",
          "vendor": "Mikado-Themes",
          "versions": [
            {
              "lessThanOrEqual": "1.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"
        }
      ],
      "datePublic": "2026-04-22T14:21:12.425Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Overton: from n/a through \u003c= 1.3.\u003c/p\u003e"
            }
          ],
          "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: from n/a through \u003c= 1.3."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:14:43.388Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/Wordpress/Theme/overton/vulnerability/wordpress-overton-theme-1-3-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
        }
      ],
      "title": "WordPress Overton theme \u003c= 1.3 - Insecure Direct Object References (IDOR) vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2026-22406",
    "datePublished": "2026-01-22T16:52:37.692Z",
    "dateReserved": "2026-01-07T12:21:56.448Z",
    "dateUpdated": "2026-04-28T16:56:36.673Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22404 (GCVE-0-2026-22404)

Vulnerability from cvelistv5 – Published: 2026-01-22 16:52 – Updated: 2026-04-28 16:56
VLAI
Title
WordPress Innovio theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability
Summary
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Innovio: from n/a through <= 1.7.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
Vendor Product Version
Mikado-Themes Innovio Affected: 0 , ≤ 1.7 (custom)
Create a notification for this product.
Date Public
2026-04-22 14:21
Credits
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22404",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-27T17:44:54.960816Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-28T16:56:20.045Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://themeforest.net",
          "defaultStatus": "unaffected",
          "packageName": "innovio",
          "product": "Innovio",
          "vendor": "Mikado-Themes",
          "versions": [
            {
              "lessThanOrEqual": "1.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"
        }
      ],
      "datePublic": "2026-04-22T14:21:16.993Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Innovio: from n/a through \u003c= 1.7.\u003c/p\u003e"
            }
          ],
          "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Innovio: from n/a through \u003c= 1.7."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:14:43.038Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/Wordpress/Theme/innovio/vulnerability/wordpress-innovio-theme-1-7-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
        }
      ],
      "title": "WordPress Innovio theme \u003c= 1.7 - Insecure Direct Object References (IDOR) vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2026-22404",
    "datePublished": "2026-01-22T16:52:37.468Z",
    "dateReserved": "2026-01-07T12:21:56.448Z",
    "dateUpdated": "2026-04-28T16:56:20.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22400 (GCVE-0-2026-22400)

Vulnerability from cvelistv5 – Published: 2026-01-22 16:52 – Updated: 2026-04-28 16:55
VLAI
Title
WordPress Holmes theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability
Summary
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Holmes holmes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Holmes: from n/a through <= 1.7.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
Vendor Product Version
Mikado-Themes Holmes Affected: 0 , ≤ 1.7 (custom)
Create a notification for this product.
Date Public
2026-04-22 14:21
Credits
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22400",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-26T21:18:01.450001Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-28T16:55:45.839Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://themeforest.net",
          "defaultStatus": "unaffected",
          "packageName": "holmes",
          "product": "Holmes",
          "vendor": "Mikado-Themes",
          "versions": [
            {
              "lessThanOrEqual": "1.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"
        }
      ],
      "datePublic": "2026-04-22T14:21:15.637Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Holmes holmes allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Holmes: from n/a through \u003c= 1.7.\u003c/p\u003e"
            }
          ],
          "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Holmes holmes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Holmes: from n/a through \u003c= 1.7."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:14:43.021Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/Wordpress/Theme/holmes/vulnerability/wordpress-holmes-theme-1-7-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
        }
      ],
      "title": "WordPress Holmes theme \u003c= 1.7 - Insecure Direct Object References (IDOR) vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2026-22400",
    "datePublished": "2026-01-22T16:52:36.847Z",
    "dateReserved": "2026-01-07T12:21:46.518Z",
    "dateUpdated": "2026-04-28T16:55:45.839Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22398 (GCVE-0-2026-22398)

Vulnerability from cvelistv5 – Published: 2026-01-22 16:52 – Updated: 2026-04-28 16:55
VLAI
Title
WordPress Fleur theme <= 2.0 - Insecure Direct Object References (IDOR) vulnerability
Summary
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fleur fleur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fleur: from n/a through <= 2.0.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
Vendor Product Version
Mikado-Themes Fleur Affected: 0 , ≤ 2.0 (custom)
Create a notification for this product.
Date Public
2026-04-22 14:21
Credits
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22398",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-26T21:21:25.042164Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-28T16:55:29.002Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://themeforest.net",
          "defaultStatus": "unaffected",
          "packageName": "fleur",
          "product": "Fleur",
          "vendor": "Mikado-Themes",
          "versions": [
            {
              "lessThanOrEqual": "2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"
        }
      ],
      "datePublic": "2026-04-22T14:21:17.238Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fleur fleur allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Fleur: from n/a through \u003c= 2.0.\u003c/p\u003e"
            }
          ],
          "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fleur fleur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fleur: from n/a through \u003c= 2.0."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:14:42.858Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/Wordpress/Theme/fleur/vulnerability/wordpress-fleur-theme-2-0-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
        }
      ],
      "title": "WordPress Fleur theme \u003c= 2.0 - Insecure Direct Object References (IDOR) vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2026-22398",
    "datePublished": "2026-01-22T16:52:36.563Z",
    "dateReserved": "2026-01-07T12:21:46.517Z",
    "dateUpdated": "2026-04-28T16:55:29.002Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22396 (GCVE-0-2026-22396)

Vulnerability from cvelistv5 – Published: 2026-01-22 16:52 – Updated: 2026-04-28 16:55
VLAI
Title
WordPress Fiorello theme <= 1.0 - Insecure Direct Object References (IDOR) vulnerability
Summary
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fiorello fiorello allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fiorello: from n/a through <= 1.0.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
Vendor Product Version
Mikado-Themes Fiorello Affected: 0 , ≤ 1.0 (custom)
Create a notification for this product.
Date Public
2026-04-22 14:21
Credits
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22396",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-26T21:22:12.497914Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-28T16:55:12.594Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://themeforest.net",
          "defaultStatus": "unaffected",
          "packageName": "fiorello",
          "product": "Fiorello",
          "vendor": "Mikado-Themes",
          "versions": [
            {
              "lessThanOrEqual": "1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"
        }
      ],
      "datePublic": "2026-04-22T14:21:18.301Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fiorello fiorello allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Fiorello: from n/a through \u003c= 1.0.\u003c/p\u003e"
            }
          ],
          "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fiorello fiorello allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fiorello: from n/a through \u003c= 1.0."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:14:42.859Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/Wordpress/Theme/fiorello/vulnerability/wordpress-fiorello-theme-1-0-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
        }
      ],
      "title": "WordPress Fiorello theme \u003c= 1.0 - Insecure Direct Object References (IDOR) vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2026-22396",
    "datePublished": "2026-01-22T16:52:36.370Z",
    "dateReserved": "2026-01-07T12:21:46.517Z",
    "dateUpdated": "2026-04-28T16:55:12.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22393 (GCVE-0-2026-22393)

Vulnerability from cvelistv5 – Published: 2026-01-22 16:52 – Updated: 2026-04-28 16:54
VLAI
Title
WordPress Curly theme <= 3.3 - Insecure Direct Object References (IDOR) vulnerability
Summary
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Curly curly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Curly: from n/a through <= 3.3.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
Vendor Product Version
Mikado-Themes Curly Affected: 0 , ≤ 3.3 (custom)
Create a notification for this product.
Date Public
2026-04-22 14:21
Credits
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22393",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-26T21:23:38.965677Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-28T16:54:47.000Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://themeforest.net",
          "defaultStatus": "unaffected",
          "packageName": "curly",
          "product": "Curly",
          "vendor": "Mikado-Themes",
          "versions": [
            {
              "lessThanOrEqual": "3.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"
        }
      ],
      "datePublic": "2026-04-22T14:21:11.695Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Curly curly allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Curly: from n/a through \u003c= 3.3.\u003c/p\u003e"
            }
          ],
          "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Curly curly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Curly: from n/a through \u003c= 3.3."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:14:42.825Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/Wordpress/Theme/curly/vulnerability/wordpress-curly-theme-3-3-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
        }
      ],
      "title": "WordPress Curly theme \u003c= 3.3 - Insecure Direct Object References (IDOR) vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2026-22393",
    "datePublished": "2026-01-22T16:52:36.166Z",
    "dateReserved": "2026-01-07T12:21:40.879Z",
    "dateUpdated": "2026-04-28T16:54:47.000Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22391 (GCVE-0-2026-22391)

Vulnerability from cvelistv5 – Published: 2026-01-22 16:52 – Updated: 2026-04-28 16:54
VLAI
Title
WordPress Cocco theme <= 1.5.1 - Insecure Direct Object References (IDOR) vulnerability
Summary
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Cocco cocco allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cocco: from n/a through <= 1.5.1.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
Vendor Product Version
Mikado-Themes Cocco Affected: 0 , ≤ 1.5.1 (custom)
Create a notification for this product.
Date Public
2026-04-22 14:21
Credits
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22391",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-27T18:38:32.436181Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-28T16:54:29.740Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://themeforest.net",
          "defaultStatus": "unaffected",
          "packageName": "cocco",
          "product": "Cocco",
          "vendor": "Mikado-Themes",
          "versions": [
            {
              "lessThanOrEqual": "1.5.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"
        }
      ],
      "datePublic": "2026-04-22T14:21:15.037Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Cocco cocco allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Cocco: from n/a through \u003c= 1.5.1.\u003c/p\u003e"
            }
          ],
          "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Cocco cocco allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cocco: from n/a through \u003c= 1.5.1."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:14:42.753Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/Wordpress/Theme/cocco/vulnerability/wordpress-cocco-theme-1-5-1-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
        }
      ],
      "title": "WordPress Cocco theme \u003c= 1.5.1 - Insecure Direct Object References (IDOR) vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2026-22391",
    "datePublished": "2026-01-22T16:52:35.937Z",
    "dateReserved": "2026-01-07T12:21:40.879Z",
    "dateUpdated": "2026-04-28T16:54:29.740Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22383 (GCVE-0-2026-22383)

Vulnerability from cvelistv5 – Published: 2026-02-20 15:47 – Updated: 2026-04-28 16:53
VLAI
Title
WordPress PawFriends - Pet Shop and Veterinary WordPress theme theme <= 1.3 - Insecure Direct Object References (IDOR) vulnerability
Summary
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
Date Public
2026-04-22 14:20
Credits
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22383",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-25T14:15:53.703695Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-28T16:53:30.297Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://themeforest.net",
          "defaultStatus": "unaffected",
          "packageName": "pawfriends",
          "product": "PawFriends - Pet Shop and Veterinary WordPress Theme",
          "vendor": "Mikado-Themes",
          "versions": [
            {
              "lessThanOrEqual": "1.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"
        }
      ],
      "datePublic": "2026-04-22T14:20:21.335Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through \u003c= 1.3.\u003c/p\u003e"
            }
          ],
          "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through \u003c= 1.3."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:14:42.305Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/Wordpress/Theme/pawfriends/vulnerability/wordpress-pawfriends-pet-shop-and-veterinary-wordpress-theme-theme-1-3-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
        }
      ],
      "title": "WordPress PawFriends - Pet Shop and Veterinary WordPress theme theme \u003c= 1.3 - Insecure Direct Object References (IDOR) vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2026-22383",
    "datePublished": "2026-02-20T15:47:06.889Z",
    "dateReserved": "2026-01-07T12:21:36.722Z",
    "dateUpdated": "2026-04-28T16:53:30.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22235 (GCVE-0-2026-22235)

Vulnerability from cvelistv5 – Published: 2026-01-08 17:13 – Updated: 2026-01-08 18:19
VLAI
Title
OPEXUS eComplaint IDOR
Summary
OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
Vendor Product Version
OPEXUS eComplaint Affected: 0 , < 9.0.45.0 (custom)
Unaffected: 9.0.45.0
Create a notification for this product.
Date Public
2026-01-08 00:00
Credits
Zach Crosman, CISA
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22235",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-08T18:19:04.759466Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-08T18:19:28.076Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "eComplaint",
          "vendor": "OPEXUS",
          "versions": [
            {
              "lessThan": "9.0.45.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "9.0.45.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Zach Crosman, CISA"
        }
      ],
      "datePublic": "2026-01-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the the \u0027DocumentOpen.aspx\u0027 endpoint, iterate through predictable values of \u0027chargeNumber\u0027, and download any uploaded files."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          }
        },
        {
          "other": {
            "content": {
              "id": "CVE-2026-22235",
              "options": [
                {
                  "Exploitation": "poc"
                },
                {
                  "Automatable": "yes"
                },
                {
                  "Technical Impact": "partial"
                }
              ],
              "role": "CISA Coordinator",
              "timestamp": "2026-01-05T16:31:59.035811Z",
              "version": "2.0.3"
            },
            "type": "ssvc"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-08T17:13:24.266Z",
        "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "shortName": "cisa-cg"
      },
      "references": [
        {
          "name": "url",
          "tags": [
            "government-resource",
            "third-party-advisory"
          ],
          "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-008-02.json"
        },
        {
          "name": "url",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22235"
        }
      ],
      "title": "OPEXUS eComplaint IDOR"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
    "assignerShortName": "cisa-cg",
    "cveId": "CVE-2026-22235",
    "datePublished": "2026-01-08T17:13:24.266Z",
    "dateReserved": "2026-01-06T22:00:19.558Z",
    "dateUpdated": "2026-01-08T18:19:28.076Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design

For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.

Mitigation
Architecture and Design Implementation

Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.

Mitigation
Architecture and Design

Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.

No CAPEC attack patterns related to this CWE.