The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8
The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference.
The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference.
The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference.
The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and vers
TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend
An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An una
Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules.This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0
TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and inclu
TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication (MFA) dial
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some c
Backend users with write access to the form_definition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistenc
The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1.1 via the getUser() due
The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution.
By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited e
The extension extends TYPO3’ FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since t
Backend users with access to the Form Framework were able to use files not ending in .form.yaml as form definitions, which were processed without denying the incorrect file extension. Maliciously craf
An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, res
TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, the backend use
Page 1+ Next →