CVE-2026-3453 ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...
EUVD-2023-12831
Malicious code in bioql PyPI...
CVE-2023-0829
Plesk versions 17.0 through 18.0.31 are vulnerable to Cross-Site Scripting. A malicious subscription owner, either a customer or an additional user, can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription...
PT-2023-16554 · Plesk · Plesk
Name of the Vulnerable Software and Affected Versions: Plesk versions 17.0 through 18.0.31
Description: A malicious subscription owner, either a customer or an additional user, can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription...