Lucene search
K

12 matches found

CVE
CVE
added 2026/07/08 7:43 p.m.9 views

CVE-2026-59805

Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesController. Authenticated sellers can manipulate purchase access for other sellers' products by issuing PUT requests to revoke_access and undo_revoke_access without validating ownership. This lets attackers...

7.1CVSS6.1AI score0.0022EPSS
Exploits0References5
OSV
OSV
added 2026/07/08 7:43 p.m.3 views

CVE-2026-59805 Gumroad < 2026.07.06.2 - Insecure Direct Object Reference in PurchasesController

Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesController that allows authenticated sellers to manipulate purchase access for other sellers' products by sending PUT requests to the revokeaccess and undorevokeaccess actions without seller ownership...

7.1CVSS6.2AI score0.0022EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/01/09 9:27 a.m.8 views

CVE-2023-45059

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gumroad plugin = 3.1.0 versions...

6.5CVSS5.6AI score0.0031EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-49380

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.0031EPSS
Exploits0References1
NVD
NVD
added 2023/10/18 9:15 a.m.14 views

CVE-2023-45059

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gumroad plugin = 3.1.0 versions...

6.5CVSS5.8AI score0.0031EPSS
Exploits0References1
OSV
OSV
added 2023/10/18 9:15 a.m.5 views

CVE-2023-45059

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gumroad plugin = 3.1.0 versions...

5.4CVSS7.3AI score0.0031EPSS
Exploits0References1
Prion
Prion
added 2023/10/18 9:15 a.m.17 views

Cross site scripting

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gumroad plugin = 3.1.0 versions...

4.9CVSS5.2AI score0.0031EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/18 8:23 a.m.12 views

CVE-2023-45059 WordPress Gumroad Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gumroad plugin = 3.1.0 versions...

6.5CVSS5.6AI score0.0031EPSS
Exploits0References1
CVE
CVE
added 2023/10/18 8:23 a.m.53 views

CVE-2023-45059

CVE-2023-45059 affects the WordPress Gumroad plugin up to version 3.1.0, where an Authenticated (Contributor+) Stored Cross‑Site Scripting (XSS) vulnerability exists. The issue arises from insufficient input validation/escaping of parameters, enabling stored XSS when a user with the contributor r...

6.5CVSS5.5AI score0.0031EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/10/18 8:23 a.m.16 views

CVE-2023-45059 WordPress Gumroad Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gumroad plugin = 3.1.0 versions...

6.5CVSS6AI score0.0031EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/10/18 12:0 a.m.5 views

WordPress Plugin Gumroad Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6AI score0.0031EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/10/03 12:0 a.m.9 views

WordPress Gumroad Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Gumroad Type Plugin Vulnerable versions = 3.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45059 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ff8b5689e312 Credits Mika Required privilege Contribut...

6.5CVSS5.7AI score0.0031EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder