1070 matches found
CVE-2025-54478 Unauthenticated Channel Subscription Edit in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...
CVE-2025-54478
Summary (CVE-2025-54478): Mattermost Confluence Plugin (versions
CVE-2025-54458
Mattermost Confluence Plugin vulnerability CVE-2025-54458: versions = 1.5.0 or apply vendor-provided fix as available.
CVE-2025-54458 Unauthorized Subscription Creation to Confluence Space in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint...
CVE-2025-53910
The CVE concerns Mattermost Confluence Plugin prior to 1.5.0, where API calls to edit channel subscriptions do not properly verify user access to the channel. This enables creation of a channel subscription without proper channel access. No exploitation details or fixes are provided in the connec...
CVE-2025-53857 Lack of Authorization on Get Channel Subscriptions for Autocomplete in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint...
CVE-2025-53857
Mattermost Confluence Plugin
CVE-2025-48731
Summary: CVE-2025-48731 affects Mattermost Confluence Plugin versions
CVE-2025-44001 Unauthorized Channel Subscription Read in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the Get Channel Subscriptions details endpoint...
CVE-2025-44001
CVE-2025-44001 concerns the Mattermost Confluence Plugin where versions
Mattermost Confluence Plugin Security Vulnerability
Mattermost Confluence Plugin is a plugin from Mattermost USA. Mattermost Confluence Plugin contains a security vulnerability that can be exploited by attackers to cause the creation of channel subscriptions...
Mattermost Confluence Plugin Security Vulnerability
Mattermost Confluence Plugin is a plugin from Mattermost USA. Mattermost Confluence Plugin contains a security vulnerability that can be exploited by attackers to cause unauthorized channel subscriptions...
Mattermost Confluence Plugin Security Vulnerability
Mattermost Confluence Plugin is a plugin from Mattermost USA. Mattermost Confluence Plugin contains a security vulnerability that can be exploited by attackers to cause an edit channel subscription...
PT-2025-32578 · WordPress · Mattermost Confluence Plugin
Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0. Description: The Mattermost Confluence Plugin does not verify user access to channels, potentially allowing unauthorized access to channel subscription details. This occurs through an API...
PT-2025-31611 · Fortinet · Fortinet Dns Server
Name of the Vulnerable Software and Affected Versions: Fortinet DNS Server, affected versions not specified. Description: The Fortinet DNS Server contains insufficient input validation. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
WordPress Paid Member Subscriptions <= 2.15.4 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin Paid Member Subscriptions versions <= 2.15.4...
PT-2025-32582 · Mattermost · Mattermost Confluence Plugin
Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0. Description: The Mattermost Confluence Plugin does not enforce authentication for users accessing the Mattermost instance. This allows unauthenticated attackers to modify channel...