Insecure Direct Object Reference
Accessing resources by manipulating identifiers without proper authorization checks.
How it works
The application exposes a resource identifier (such as a post or user ID) in a request and loads the object by that identifier without checking that the requester is authorized to access that particular object. Changing the identifier in the request then yields resources that belong to someone else, because the only "check" was that the requester knew or guessed a valid ID.
In WordPress
Common in REST API endpoints and AJAX handlers that access posts or users by ID without verifying permissions.
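The following is an added example, not code from this page or from WP HealthKit, showing the WordPress pattern described above: a hypothetical plugin's AJAX handler that returns a post by ID first in its vulnerable form (no object-level permission check), then hardened with a nonce check and a per-object capability check, plus the equivalent REST route whose permission_callback checks the specific object. All hook names, the route namespace and the function names are assumptions made up for the example.

```php
<?php
// Added example (not from the page or WP HealthKit): a hypothetical plugin's
// AJAX handler that returns a post's content by ID.

// --- Vulnerable form: the handler trusts the caller-supplied ID outright. ---
// The wp_ajax_nopriv_ hook exposes it to unauthenticated requests as well, and
// nothing checks whether this caller may read this particular post (for
// example a private post or an unpublished draft).
function idor_demo_get_post_insecure() {
    $post_id = (int) ( $_REQUEST['post_id'] ?? 0 );
    $post    = get_post( $post_id );
    if ( ! $post ) {
        wp_send_json_error( 'not found', 404 );
    }
    wp_send_json_success( array(
        'title'   => $post->post_title,
        'content' => $post->post_content,
    ) );
}
add_action( 'wp_ajax_idor_demo_get_post_insecure', 'idor_demo_get_post_insecure' );
add_action( 'wp_ajax_nopriv_idor_demo_get_post_insecure', 'idor_demo_get_post_insecure' );

// --- Hardened form: same lookup, but authorization is checked per object. ---
function idor_demo_get_post_secure() {
    // CSRF protection: the request must carry a nonce issued for this action.
    check_ajax_referer( 'idor_demo_get_post', 'nonce' );

    $post_id = absint( $_REQUEST['post_id'] ?? 0 );
    $post    = get_post( $post_id );

    // Object-level authorization: the capability is evaluated against *this*
    // post (read_post is a meta capability resolved via map_meta_cap), not
    // merely "is the user logged in". Responding 404 rather than 403 avoids
    // confirming that a hidden post ID exists.
    if ( ! $post || ! current_user_can( 'read_post', $post_id ) ) {
        wp_send_json_error( 'not found', 404 );
    }

    wp_send_json_success( array(
        'title'   => $post->post_title,
        'content' => $post->post_content,
    ) );
}
// Registered only for logged-in users: no wp_ajax_nopriv_ hook.
add_action( 'wp_ajax_idor_demo_get_post_secure', 'idor_demo_get_post_secure' );

// --- Same rule for the REST API: permission_callback must check the object. ---
add_action( 'rest_api_init', function () {
    register_rest_route( 'idor-demo/v1', '/post/(?P<id>\d+)', array(
        'methods'  => 'GET',
        'callback' => function ( WP_REST_Request $request ) {
            $post = get_post( (int) $request['id'] );
            return array(
                'title'   => $post->post_title,
                'content' => $post->post_content,
            );
        },
        // A permission_callback of '__return_true' here would be the
        // REST-flavoured version of the same IDOR. Check the specific object.
        'permission_callback' => function ( WP_REST_Request $request ) {
            $post_id = (int) $request['id'];
            return get_post( $post_id ) && current_user_can( 'read_post', $post_id );
        },
        'args' => array(
            'id' => array( 'validate_callback' => 'is_numeric' ),
        ),
    ) );
} );
```

The defect in the first handler is not the lack of a login check but the lack of an object-level check: even a login-only gate would let any subscriber read any post by changing post_id. When auditing a plugin, look for wp_ajax_ and wp_ajax_nopriv_ handlers and REST routes that call get_post(), get_user_by() or a direct $wpdb query with a request-supplied ID and never pass that ID to current_user_can() or an equivalent ownership check.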
WP HealthKit checks for Insecure Direct Object Reference-related vulnerabilities automatically