Lucene search
+L

531 matches found

Nuclei
Nuclei
added 2 days ago89 views

WordPress Paid Memberships Pro <2.6.7 - Blind SQL Injection

WordPress Paid Memberships Pro plugin before 2.6.7 is susceptible to blind SQL injection. The plugin does not escape the discountcode in one of its REST routes before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...

9.8CVSS7.1AI score0.81828EPSS
Exploits2References5
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-43285

The User Registration & Membership WordPress plugin before 5.2.2 does not verify the authenticity of incoming payment-provider webhook notifications before acting on them, allowing unauthenticated attackers to forge a payment-approved event and activate a paid membership subscription without...

9.1CVSS6.1AI score0.00261EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-11964

The User Registration & Membership WordPress plugin before 5.2.2 does not verify the authenticity of incoming payment-provider webhook notifications before acting on them, allowing unauthenticated attackers to forge a payment-approved event and activate a paid membership subscription without...

9.1CVSS0.00261EPSS
Exploits0References1
NVD
NVD
added 2026/07/09 6:16 p.m.10 views

CVE-2026-59817

Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing...

5.3CVSS0.00257EPSS
Exploits0References5
CVE
CVE
added 2026/07/09 5:40 p.m.15 views

CVE-2026-59817

Ghost is a Node.js content management system. Affects versions from 6.27.0 up to but not including 6.44.0; the public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment, without exposing cust...

5.3CVSS5.8AI score0.00257EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/09 5:40 p.m.7 views

CVE-2026-59817

Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing...

5.3CVSS5.8AI score0.00257EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/07/09 5:40 p.m.5 views

CVE-2026-59817 Ghost: Paid gift memberships obtainable at minimal cost via the donations feature

Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing...

5.3CVSS6AI score0.00257EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/09 5:40 p.m.37 views

CVE-2026-59817 Ghost: Paid gift memberships obtainable at minimal cost via the donations feature

Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing...

5.3CVSS0.00257EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.6 views

PT-2026-56900

Name of the Vulnerable Software and Affected Versions Ghost versions 6.27.0 through 6.43.x Description The public donation checkout flow in this Node.js content management system allows an unauthenticated attacker to manipulate donation checkout metadata. This can lead to the acquisition of full...

5.3CVSS6AI score0.00257EPSS
Exploits0References13
CVE
CVE
added 2026/07/02 6:0 a.m.22 views

CVE-2026-11965

The CVE-2026-11965 entry affects the WordPress plugin User Registration & Membership prior to version 5.2.0. The underlying issue is that the plugin does not enforce payment completion before activating a paid membership subscription, enabling unauthenticated users (after self-registering via the...

6.5CVSS5.8AI score0.00164EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-54021

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authentication bypass exists due to an improper NULL comparison in the authorization gate. Unauthenticated attackers can exploit this by using a public API key to access the PostgREST RPC endpoin...

8.7CVSS5.8AI score0.00341EPSS
Exploits0References4
NVD
NVD
added 2026/06/26 3:16 p.m.10 views

CVE-2026-57659

Unauthenticated Cross Site Request Forgery CSRF in Paid Memberships Pro - Add Member From Admin = 0.7.2 versions...

8.8CVSS0.0013EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.37 views

CVE-2026-57659 WordPress Paid Memberships Pro - Add Member From Admin plugin <= 0.7.2 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in Paid Memberships Pro - Add Member From Admin = 0.7.2 versions...

8.8CVSS0.0013EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.8 views

EUVD-2026-39664

Unauthenticated Cross Site Request Forgery CSRF in Paid Memberships Pro - Add Member From Admin = 0.7.2 versions...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.18 views

CVE-2026-57659

CVE-2026-57659 describes an unauthenticated CSRF vulnerability in the WordPress plugin Paid Memberships Pro – Add Member From Admin (versions

8.8CVSS5.8AI score0.0013EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 1:24 p.m.12 views

WordPress Paid Memberships Pro - Add Member From Admin plugin <= 0.7.2 - Cross Site Request Forgery (CSRF) vulnerability

WordPress Paid Memberships Pro - Add Member From Admin plugin = 0.7.2 - Cross Site Request Forgery CSRF vulnerability discovered by Roll in WordPress Plugin Paid Memberships Pro - Add Member From Admin versions = 0.7.2...

8.8CVSS5.8AI score0.0013EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/26 9:16 a.m.14 views

CVE-2026-1869

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirmpayment function in all...

6.5CVSS0.0018EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 7:54 a.m.40 views

CVE-2026-1869

CVE-2026-1869 concerns the WordPress plugin “User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder.” The vulnerability is caused by missing validation checks in the confirm_payment() function across all...

6.5CVSS5.8AI score0.0018EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 7:54 a.m.38 views

CVE-2026-1869 User Registration & Membership <= 5.2.0 - Missing Authorization to Unauthenticated Payment Bypass

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirmpayment function in all...

6.5CVSS0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52829

Name of the Vulnerable Software and Affected Versions Paid Memberships Pro - Add Member From Admin versions prior to 0.7.3 Description An unauthenticated Cross Site Request Forgery CSRF exists, which allows attackers to execute unauthorized actions via crafted requests. CSRF is a type of attack...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References3
Rows per page
Query Builder