CVE-2026-39366

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions...

WWBN AVideo Affected by a PayPal IPN Replay Attack Enabling Wallet Balance Inflation via Missing Transaction Deduplication in ipn.php

Summary The PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions. The newer ipnV2.php and webhook.php handlers correctly deduplicate...

CVE-2026-39366

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions...

EUVD-2025-17175

Malicious code in bioql PyPI...

CVE-2025-28984

Cross-Site Request Forgery CSRF vulnerability in storepro Subscription Renewal Reminders for WooCommerce subscriptions-renewal-reminders allows Cross Site Request Forgery.This issue affects Subscription Renewal Reminders for WooCommerce: from n/a through = 1.4.1...

CVE-2025-28984

Cross-Site Request Forgery CSRF vulnerability in storepro Subscription Renewal Reminders for WooCommerce subscriptions-renewal-reminders allows Cross Site Request Forgery.This issue affects Subscription Renewal Reminders for WooCommerce: from n/a through = 1.4.1...

CVE-2025-28984 WordPress Subscription Renewal Reminders for WooCommerce plugin <= 1.3.7 - Cross Site Request Forgery to Notice Dismissal vulnerability

Cross-Site Request Forgery CSRF vulnerability in storepro Subscription Renewal Reminders for WooCommerce allows Cross Site Request Forgery. This issue affects Subscription Renewal Reminders for WooCommerce: from n/a through 1.3.7...

CVE-2025-28984 WordPress Subscription Renewal Reminders for WooCommerce plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in storepro Subscription Renewal Reminders for WooCommerce subscriptions-renewal-reminders allows Cross Site Request Forgery.This issue affects Subscription Renewal Reminders for WooCommerce: from n/a through = 1.4.1...

CVE-2025-28984

CVE-2025-28984 is a CSRF vulnerability in the WordPress plugin Subscription Renewal Reminders for WooCommerce (affecting versions up to 1.3.7). The Wordfence data indicates a Medium severity (CVSSv3.1/3.1: 4.3) with network attacker, no privileges required, and user interaction required. Reported...

WordPress plugin Subscription Renewal Reminders for WooCommerce 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

PT-2025-24131 · Woocommerce · Subscription Renewal Reminders For Woocommerce

Name of the Vulnerable Software and Affected Versions: Subscription Renewal Reminders for WooCommerce versions 1.3.7 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows for Cross Site Request Forgery. This means an attacker can trick a user into...

WordPress Subscription Renewal Reminders for WooCommerce plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Subscription Renewal Reminders for WooCommerce versions = 1.4.1...

Studio Console Shows "Enable DaaS" for First Time Use

Citrix DaaS customers encounter the following message indicating their service needs to be enabled for one of the following reasons: 1 DaaS must be enabled for first time use 2 DaaS is disabled due to inactivity 3 DaaS subscription licenses are updated renewal or net new...