Register
Login
Toggle navigation
SaaS Solutions
Vulnerability Intelligence
Vulnerability Management
Pricing
Vulnerabilities
Reports
Blog
Contact Us
Main
Vulnerability Database
CWE List
CWE-639 - Authorization Bypass Through User-Controlled Key
Description
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Latest vulnerabilities for CWE-639
Spoofing attack in ManageEngine Endpoint Central
2025-04-07
Low
Yes
Information disclosure in Post Duplicator plugin for WordPress
2025-03-28
Medium
Yes
Authorization bypass through user-controlled key in Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress
2025-03-24
Medium
Yes
Authorization bypass through user-controlled key in RRAddons for Elementor plugin for WordPress
2025-03-20
Medium
Yes
Multiple vulnerabilities in [clickstorm] SEO extension for TYPO3
2025-03-19
Medium
Yes
Multiple vulnerabilities in WPSchoolPress plugin for WordPress
2025-03-18
Medium
No
Multiple vulnerabilities in Sungrow iSolarCloud Android App
2025-03-14
High
Yes
Information disclosure in Piotnet Addons For Elementor plugin for WordPress
2025-01-29
Low
Yes
Multiple vulnerabilities in Schneider Electric Power Logic HDPM6000
2025-01-29
Medium
Yes
Multiple vulnerabilities in IBM Cloud Pak System
2025-01-20
Medium
Yes
References
Description of CWE-639 on Mitre website