CVE-2025-31088

CVE-2025-31088 is a stored XSS in Paid Membership Subscriptions (WordPress) caused by improper input neutralization during web page generation. Affected: Paid Membership Subscriptions up to version 2.14.3 (no fixed version specified in the provided docs). The description indicates stored XSS rath...

WordPress plugin Paid Member Subscriptions 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

CVE-2025-30900

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zoho Subscriptions Zoho Billing – Embed Payment Form allows Stored XSS. This issue affects Zoho Billing – Embed Payment Form: from n/a through 4.0...

CVE-2025-30900

CVE-2025-30900 describes a stored cross-site scripting vulnerability in Zoho Subscriptions – Zoho Billing Embed Payment Form. The issue is caused by improper neutralization of input during web page generation, allowing an attacker to inject malicious scripts that are stored and later executed in ...

CVE-2025-30523

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Marcel-NL Super Simple Subscriptions super-simple-subscriptions allows SQL Injection.This issue affects Super Simple Subscriptions: from n/a through = 1.1.0...

CVE-2025-30523

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Marcel-NL Super Simple Subscriptions super-simple-subscriptions allows SQL Injection.This issue affects Super Simple Subscriptions: from n/a through = 1.1.0...

CVE-2025-30523

CVE-2025-30523 affects the WordPress plugin Super Simple Subscriptions (

CVE-2025-30523 WordPress Super Simple Subscriptions plugin <= 1.1.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Marcel-NL Super Simple Subscriptions super-simple-subscriptions allows SQL Injection.This issue affects Super Simple Subscriptions: from n/a through = 1.1.0...

CVE-2025-30523 WordPress Super Simple Subscriptions plugin <= 1.1.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Marcel-NL Super Simple Subscriptions super-simple-subscriptions allows SQL Injection.This issue affects Super Simple Subscriptions: from n/a through = 1.1.0...

WordPress Super Simple Subscriptions plugin <= 1.1.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phan Trong Quan - VNPT Cyber Immunity in WordPress Plugin Super Simple Subscriptions versions = 1.1.0...

WordPress plugin Super Simple Subscriptions SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Super Simp...

WordPress plugin Subscriptions & Memberships for PayPal 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...

PT-2025-8686 · WordPress · Subscriptions & Memberships For Paypal

Name of the Vulnerable Software and Affected Versions: Subscriptions & Memberships for PayPal plugin for WordPress versions up to and including 1.1.6 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on a function, allowing unauthenticate...

WordPress Subscriptions & Memberships for PayPal plugin <= 1.1.6 - Cross-Site Request Forgery to Arbitrary Post Deletion vulnerability

Cross-Site Request Forgery to Arbitrary Post Deletion vulnerability discovered by Krzysztof Zając in WordPress Plugin Subscriptions & Memberships for PayPal versions = 1.1.6...

O-RAN RIC 安全漏洞

O-RAN RIC is a RIC application from O-RAN. A security vulnerability exists in O-RAN RIC that stems from e2mgr crashing when it receives a large number of E2 Subscription Requests...

PT-2025-7833 · Woocommerce · Autoship Cloud For Woocommerce Subscription Products

Name of the Vulnerable Software and Affected Versions: Autoship Cloud for WooCommerce Subscription Products versions 2.8.0.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting XSS vulnerability...

WordPress plugin Autoship Cloud for WooCommerce Subscription Products 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

CVE-2025-0739

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to show subscription's information of others users by changing the "SUSCBRIPTIONID" param of the endpoint "/demos/embedai/subscriptions/show/"...

PT-2025-4000 · New Rock Technologies · Mx8G Voip Gateway +2

Name of the Vulnerable Software and Affected Versions: Affected products affected versions not specified Description: The Cloud MQTT service of the affected products supports wildcard topic subscription, which could allow an attacker to obtain sensitive information from tapping the service...

CVE-2024-12919

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. This is due to the pmspbpaymentredirectlink function using the user-controlled value...