12 matches found
CVE-2026-59805
Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesController. Authenticated sellers can manipulate purchase access for other sellers' products by issuing PUT requests to revoke_access and undo_revoke_access without validating ownership. This lets attackers...
CVE-2026-59805 Gumroad < 2026.07.06.2 - Insecure Direct Object Reference in PurchasesController
Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesController that allows authenticated sellers to manipulate purchase access for other sellers' products by sending PUT requests to the revokeaccess and undorevokeaccess actions without seller ownership...
CVE-2023-45059
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gumroad plugin = 3.1.0 versions...
EUVD-2023-49380
Malicious code in bioql PyPI...
CVE-2023-45059
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gumroad plugin = 3.1.0 versions...
CVE-2023-45059
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gumroad plugin = 3.1.0 versions...
Cross site scripting
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gumroad plugin = 3.1.0 versions...
CVE-2023-45059 WordPress Gumroad Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gumroad plugin = 3.1.0 versions...
CVE-2023-45059
CVE-2023-45059 affects the WordPress Gumroad plugin up to version 3.1.0, where an Authenticated (Contributor+) Stored Cross‑Site Scripting (XSS) vulnerability exists. The issue arises from insufficient input validation/escaping of parameters, enabling stored XSS when a user with the contributor r...
CVE-2023-45059 WordPress Gumroad Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gumroad plugin = 3.1.0 versions...
WordPress Plugin Gumroad Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Gumroad Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)
Software Gumroad Type Plugin Vulnerable versions = 3.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45059 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ff8b5689e312 Credits Mika Required privilege Contribut...