1070 matches found

Patchstack
added 2025/09/03 3:3 p.m., 4 views

WordPress Paid Member Subscriptions Plugin <= 2.15.9 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by MD ISMAIL in WordPress Plugin Paid Member Subscriptions versions <= 2.15.9...

CVSS: 5.3, AI score: 6.7, EPSS: 0.0008
Exploits: 0, Affected Software: 1

Vulnrichment
added 2025/09/03 2:36 p.m., 2 views

CVE-2025-58600 WordPress Paid Member Subscriptions Plugin <= 2.15.9 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Member Subscriptions: from n/a through <= 2.15.9...

CVSS: 5.3, AI score: 5.9, EPSS: 0.0008
Exploits: 0, References: 1

Cvelist
added 2025/09/03 2:36 p.m., 10 views

CVE-2025-58600 WordPress Paid Member Subscriptions Plugin <= 2.15.9 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Member Subscriptions: from n/a through <= 2.15.9...

CVSS: 5.3, EPSS: 0.0008
Exploits: 0, References: 1

CVE
added 2025/09/03 2:36 p.m., 11 views

CVE-2025-58600

CVE-2025-58600 affects the WordPress plugin Paid Membership Subscriptions (Cozmoslabs) up to version 2.15.9, with a Missing Authorization/Broken Access Control flaw. CVSS3.1 metrics: AV:N, AC:L, PR:N, UI:N, S:U, C:N, I:N, A:L; base score 5.3 (Medium). Attack surface is networked, requires no priv...

CVSS: 5.3, AI score: 5.9, EPSS: 0.0008
Exploits: 0, References: 1

Positive Technologies
added 2025/09/03 12:0 a.m., 2 views

PT-2025-35734

Name of the Vulnerable Software and Affected Versions: Cozmoslabs Paid Member Subscriptions versions through 2.15.9 Description: The software contains a missing authorization flaw due to incorrectly configured access control security levels. Recommendations: Update to a version later than 2.15.9...

CVSS: 5.3, AI score: 6.3, EPSS: 0.0008
Exploits: 0, References: 4

CNNVD
added 2025/09/03 12:0 a.m., 3 views

WordPress plugin Paid Member Subscriptions Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS: 5.3, AI score: 6.5, EPSS: 0.0008
Exploits: 0, References: 1

Veracode
added 2025/09/02 5:1 a.m., 3 views

Missing Authorization

Mattermost Confluence Plugin is vulnerable to Missing Authorization. The vulnerability is due to missing access validation due to failure to check user permissions when editing channel subscriptions via the API...

CVSS: 4, AI score: 6.7, EPSS: 0.00208
Exploits: 0, References: 3, Affected Software: 1

Veracode
added 2025/09/02 4:5 a.m., 4 views

Missing Authorization

Mattermost Confluence Plugin is vulnerable to Missing Authorization. The vulnerability is due to missing access validation caused by failure to check user permissions when creating channel subscriptions via the API...

CVSS: 5.3, AI score: 6.7, EPSS: 0.00208
Exploits: 0, References: 4, Affected Software: 1

Veracode
added 2025/09/01 12:34 p.m., 4 views

Improper Authentication

Mattermost Confluence Plugin is vulnerable to improper authentication. The vulnerability is due to the failure to enforce user authentication to the Mattermost instance, which allows an attacker to edit channel subscriptions via an unauthenticated API call...

CVSS: 7.2, AI score: 7, EPSS: 0.0027
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2025/09/01 9:53 a.m., 1 views

MAL-2025-46938 Malicious code in monolith-twirp-webhooksubscriptions-subscriptions (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis df56bfac6f56194f6dc4db74f8761484bd20d2a46e61558f757a3179e3e249e8 The OpenSSF Package Analysis project identified 'monolith-twirp-webhooksubscriptions-subscriptions' @ 1.5.0 rubygems as malicious. It is...

AI score: 7.2
Exploits: 0

OSSF Malicious Packages
added 2025/09/01 9:53 a.m., 3 views

Malicious code in monolith-twirp-webhooksubscriptions-subscriptions (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis df56bfac6f56194f6dc4db74f8761484bd20d2a46e61558f757a3179e3e249e8 The OpenSSF Package Analysis project identified 'monolith-twirp-webhooksubscriptions-subscriptions' @ 1.5.0 rubygems as malicious. It is...

AI score: 7.2
Exploits: 0

OSSF Malicious Packages
added 2025/08/29 9:30 a.m., 2 views

Malicious code in example-subscriptions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 438b8c125fa1b14e319503e011ccb4ee92d7a6fd2c942d5edc6741d8ca3451aa The OpenSSF Package Analysis project identified 'example-subscriptions' @ 10.0.1 npm as malicious. It is considered malicious because: - The...

AI score: 6.9
Exploits: 0

OSV
added 2025/08/29 9:30 a.m., 0 views

MAL-2025-41808 Malicious code in example-subscriptions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 438b8c125fa1b14e319503e011ccb4ee92d7a6fd2c942d5edc6741d8ca3451aa The OpenSSF Package Analysis project identified 'example-subscriptions' @ 10.0.1 npm as malicious. It is considered malicious because: - The...

AI score: 7
Exploits: 0

Tenable Nessus
added 2025/08/27 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-13346

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00245
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/26 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-4006

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00076
Exploits: 1, References: 2

RedhatCVE
added 2025/08/22 8:31 a.m., 2 views

CVE-2025-54017

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows PHP Local File Inclusion. This issue affects Paid Member Subscriptions: from n/a through <= 2.15.4...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00144
Exploits: 0, References: 1

SUSE CVE
added 2025/08/21 11:22 p.m., 2 views

SUSE CVE-2025-44001

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the Get Channel Subscriptions details endpoint...

CVSS: 4, AI score: 6.9, EPSS: 0.00199
Exploits: 0, References: 2

SUSE CVE
added 2025/08/21 11:21 p.m., 1 views

SUSE CVE-2025-53857

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint...

CVSS: 3.7, AI score: 6.9, EPSS: 0.00199
Exploits: 0, References: 2

SUSE CVE
added 2025/08/21 11:21 p.m., 1 views

SUSE CVE-2025-54478

Mattermost Confluence Plugin version 1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...

CVSS: 5.3, AI score: 7.2, EPSS: 0.0027
Exploits: 0, References: 2

SUSE CVE
added 2025/08/20 11:34 p.m., 1 views

SUSE CVE-2025-8285

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint...

CVSS: 5.3, AI score: 6.9, EPSS: 0.00208
Exploits: 0, References: 2