1236 matches found
WordPress Bookit < 2.5.1 - Unauthenticated Stripe Settings Update
Bookit WordPress plugin 2.5.1 contains a broken access control vulnerability caused by a publicly accessible REST endpoint allowing unauthenticated update of Stripe payment options, letting remote attackers modify payment settings without authentication. id: CVE-2025-12841 info: name: WordPress...
CVE-2026-56330
Capgo before 12.128.2 contains an open redirect vulnerability in stripe_portal and stripe_checkout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains for...
CVE-2026-56330 Capgo - Open Redirect via Unvalidated Stripe Billing URLs
Capgo before 12.128.2 contains an open redirect vulnerability in stripe_portal and stripe_checkout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains for...
EUVD-2026-38126
Capgo before 12.128.2 contains an open redirect vulnerability in stripe_portal and stripe_checkout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains for...
CVE-2026-56330
Capgo prior to 12.128.2 has an open redirect in the stripe_portal and stripe_checkout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains for phishing and cre...
PT-2026-51158
Name of the Vulnerable Software and Affected Versions: Capgo versions prior to 12.128.2. Description: An open redirect issue exists in the 'stripe portal' and 'stripe checkout' endpoints. These endpoints accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers ca...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not use btrfs_set_item_key_safe on RAID stripe-extents. Do not use btrfs_set_item_key_safe to modify the keys in the RAID stripe-tree, as this can lead to corruption of the tree, which is caught by the checks in...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drivers:md: fix a potential use-after-free bug. At line 2884, the statement "raid5_release_stripe(sh);" removes the reference to sh, which may cause sh to be released. However, sh is later used in line 2886, where it appears in the...
CVE-2026-12093
The Simple Membership plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.7.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to deactivate arbitra...
EUVD-2026-37847
The Simple Membership plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.7.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to deactivate arbitra...
CVE-2026-12093
The CVE-2026-12093 entry concerns the WordPress Simple Membership plugin (versions up to and including 4.7.5). The root cause is missing authorization verification, enabling unauthenticated attackers to deactivate arbitrary member accounts by forging a charge.refunded Stripe webhook with a victim...
EUVD-2026-37620
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions...
EUVD-2026-37595
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions...
CVE-2026-49081
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions...
CVE-2026-40726
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions...
CVE-2026-49081 WordPress User Registration Stripe plugin <= 1.3.12 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions...
CVE-2026-49081
The CVE-2026-49081 entry notes an Unauthenticated Broken Access Control in the WordPress User Registration Stripe plugin, affecting versions
CVE-2026-40726 WordPress User Registration Stripe plugin <= 1.3.14 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions...
CVE-2026-40726
CVE-2026-40726 affects the WordPress plugin User Registration Stripe (versions
NPM: n8n: Missing Token Validation on Microsoft Agent 365 Trigger and Stripe Nodes
NPM: n8n: Missing Token Validation on Microsoft Agent 365 Trigger and Stripe Nodes vulnerability discovered by ? in WordPress Npm n8n versions 2.25.7...