CVE-2025-54017

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows PHP Local File Inclusion.This issue affects Paid Member Subscriptions: from n/a through = 2.15.4...

CVE-2025-54017

CVE-2025-54017 is a PHP Local File Inclusion in the WordPress plugin Paid Member Subscriptions (vulnerable up to 2.15.4). The root cause is improper control of include/require filenames, enabling local file inclusion. The vulnerability is rated high (CVSS 3.1 base 7.5) with network access, high i...

CVE-2025-54017 WordPress Paid Member Subscriptions <= 2.15.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cozmoslabs Paid Member Subscriptions allows PHP Local File Inclusion. This issue affects Paid Member Subscriptions: from n/a through 2.15.4...

CVE-2025-54017 WordPress Paid Member Subscriptions <= 2.15.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows PHP Local File Inclusion.This issue affects Paid Member Subscriptions: from n/a through = 2.15.4...

PT-2025-34001 · Unknown · Cozmoslabs Paid Member Subscriptions

Name of the Vulnerable Software and Affected Versions: Cozmoslabs Paid Member Subscriptions versions through 2.15.4 Description: The software contains an improper control of filename for include/require statements, leading to a PHP local file inclusion issue. Recommendations: Update Cozmoslabs Pa...

WordPress plugin Paid Member Subscriptions 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Unspecified Vulnerability in Mattermost Confluence Plugin (CNVD-2025-21448)

Mattermost Confluence Plugin is a plugin from Mattermost USA. Mattermost Confluence Plugin contains a security vulnerability that can be exploited by attackers to cause the creation of channel subscriptions...

Unspecified Vulnerability in Mattermost Confluence Plugin (CNVD-2025-21461)

Mattermost Confluence Plugin is a plugin from Mattermost USA. Mattermost Confluence Plugin contains a security vulnerability that can be exploited by attackers to cause the creation of channel subscriptions...

Unspecified Vulnerability in Mattermost Confluence Plugin (CNVD-2025-21453)

Mattermost Confluence Plugin is a plugin from Mattermost USA. Mattermost Confluence Plugin contains a security vulnerability that can be exploited by attackers to cause unauthorized channel subscriptions...

MAL-2025-7963 Malicious code in @frozen-team-qa/subscriptions-service (npm)

The package @frozen-team-qa/subscriptions-service was found to contain malicious code...

Malicious code in @frozen-team-qa/subscriptions-service (npm)

The package @frozen-team-qa/subscriptions-service was found to contain malicious code...

CVE-2025-54458

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint...

CVE-2025-8285

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint...

CVE-2025-44001

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the Get Channel Subscriptions details endpoint...

CVE-2025-54478

Mattermost Confluence Plugin version 1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...

CVE-2025-48731

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a Confluence space the user does not have access for via edit subscription endpoint...

CVE-2025-53857

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint...

Mattermost Confluence Plugin has Missing Authorization vulnerability

Mattermost Confluence Plugin versions 1.5.0 fail to check user access to the channel, allowing attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to an API call to edit the channel subscription endpoint. An attacker can modify channel subscriptions by sending unauthorized API requests. Remediation Upgrade...

GHSA-QPJQ-C5HR-7925 Mattermost Confluence Plugin is Missing Authentication for Critical Function

Mattermost Confluence Plugin versions 1.5.0 fail to enforce user authentication of the Mattermost instance, allowing unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...