PT-2025-45067

Name of the Vulnerable Software and Affected Versions Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction versions prior to 2.16.5 Description The plugin is susceptible to unauthorized data modification because of a missing capability and validation...

EUVD-2025-35913

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check while verifying webhook signatures on the "verifyAndCreateOrderData" function in all versions up to, and including, 3.8.3. This makes it...

CVE-2025-11564 Tutor LMS – eLearning and online course solution <= 3.8.3 - Missing Authorization to Unauthenticated Payment Status Update

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check while verifying webhook signatures on the "verifyAndCreateOrderData" function in all versions up to, and including, 3.8.3. This makes it...

EUVD-2015-9365

Malware in sbrugna...

TimeLock cannot schedule the same calls multiple times

Handle cmichel Vulnerability details The TimeLock.schedule function reverts if the same targets and data fields are used as the txHash will be the same. This means one cannot schedule the same transactions multiple times. Impact Imagine the delay is set to 30 days, but a contractor needs to be pa...

WordPress Easy Digital Downloads Recurring Payments extension cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Easy Digital Downloads EDD Recurring Payments extension is a payment gateway plugin used in it. A cross-site scripting vulnerability...

CVE-2015-9525

The Easy Digital Downloads EDD Recurring Payments extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...

Design/Logic Flaw

The Easy Digital Downloads EDD Recurring Payments extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...

CVE-2015-9525

The Easy Digital Downloads EDD Recurring Payments extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...

CVE-2015-9525

The CVE-2015-9525 issue concerns the Easy Digital Downloads (EDD) Recurring Payments extension for WordPress. The vulnerability is an XSS flaw caused by misusing add_query_arg in multiple EDD versions (1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before ...

Coinbase: Authentication Issue

Hello there, I noticed while creating Recurring payment while 2FA is enabled it asks a user to enter verification code. So when someone confirm the Reccuring payment a request is sent to : POST /recurringpayments/58087a3d6861ee015644fc48/confirm HTTP/1.1 Host: beta.coinbase.com User-Agent:...