1073 matches found

OSV
added 2025/01/14 10:15 a.m., 2 views

CVE-2024-12919

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. This is due to the pms_pb_payment_redirect_link function using the user-controlled value...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

CVE
added 2025/01/14 9:21 a.m., 63 views

CVE-2024-12919

CVE-2024-12919 relates to the Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress. The flaw is an Authentication Bypass in which the function pms_pb_payment_redirect_link uses a user-controlled pms_payment_id to authenticate, enabl...

9.8 CVSS, 9.4 AI score, 0.00156 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2025/01/14 9:21 a.m., 15 views

CVE-2024-12919 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.7 - Authentication Bypass via pms_payment_id

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. This is due to the pms_pb_payment_redirect_link function using the user-controlled value...

9.8 CVSS, 0.00156 EPSS
Exploits: 0, References: 2

CNNVD
added 2025/01/14 12:0 a.m., 1 views

WordPress plugin Paid Membership Subscriptions authorization issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An authorization issue...

9.8 CVSS, 8.5 AI score, 0.00156 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2025/01/14 12:0 a.m., 2 views

PT-2025-1979 · WordPress · Paid Membership Subscriptions

Name of the Vulnerable Software and Affected Versions: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress versions up to, and including, 2.13.7. Description: The issue is due to the pms_pb_payment_redirect_link function using the...

9.8 CVSS, 9.5 AI score, 0.00156 EPSS
Exploits: 0, References: 8

Patchstack
added 2025/01/13 9:59 p.m., 1 views

WordPress Paid Membership Subscriptions plugin <= 2.13.7 - Authentication Bypass via pms_payment_id vulnerability

Authentication Bypass via pms_payment_id vulnerability discovered by wesley wcraft in WordPress Plugin Paid Member Subscriptions versions <= 2.13.7...

9.8 CVSS, 7 AI score, 0.00156 EPSS
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2024/12/31 1:15 p.m., 14 views

CVE-2023-50850

Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Subscriptions: from n/a before 5.8.0...

4.3 CVSS, 0.00253 EPSS
Exploits: 0, References: 1

Prion
added 2024/12/31 1:15 p.m., 15 views

CVE-2023-50850

Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Subscriptions: from n/a before 5.8.0...

0.00253 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2024/12/31 12:46 p.m., 10 views

CVE-2023-50850 WordPress Woo Subscriptions plugin < 5.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Subscriptions: from n/a before 5.8.0...

4.3 CVSS, 6.9 AI score, 0.00253 EPSS
Exploits: 0, References: 1

Cvelist
added 2024/12/31 12:46 p.m., 19 views

CVE-2023-50850 WordPress Woo Subscriptions plugin < 5.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Subscriptions: from n/a before 5.8.0...

4.3 CVSS, 0.00253 EPSS
Exploits: 0, References: 1

CNNVD
added 2024/12/31 12:0 a.m., 1 views

WordPress plugin WooCommerce Subscriptions security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin... WordPress plugin...

4.3 CVSS, 8.6 AI score, 0.00253 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2024/12/31 12:0 a.m., 2 views

PT-2024-13977 · Woocommerce · Woocommerce Subscriptions

Name of the Vulnerable Software and Affected Versions: WooCommerce Subscriptions versions prior to 5.8.0. Description: The issue is related to a Missing Authorization vulnerability in Woo WooCommerce Subscriptions, allowing exploitation of incorrectly configured access control security levels...

4.3 CVSS, 7.2 AI score, 0.00253 EPSS
Exploits: 0, References: 6

Vulnrichment
added 2024/12/30 4:14 p.m., 13 views

CVE-2024-52294 khoj has an IDOR in subscription management that allows unauthorized subscription modifications

Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference (IDOR) vulnerability in the updatesubscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the...

4.3 CVSS, 6.9 AI score, 0.00115 EPSS
Exploits: 0, References: 2

Snyk
added 2024/12/30 4:12 p.m., 1 views

Authorization Bypass Through User-Controlled Key

Overview: khoj is a Your Second Brain. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the updatesubscription endpoint. An authenticated attacker can modify other users' Stripe subscriptions by manipulating the email parameter in the...

5.3 CVSS, 6.8 AI score, 0.00115 EPSS
Exploits: 0, References: 2

Github Security Blog
added 2024/12/30 4:12 p.m., 22 views

khoj has an IDOR in subscription management allows unauthorized subscription modifications

Summary: An Insecure Direct Object Reference (IDOR) vulnerability in the updatesubscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the request. Details: The vulnerability exists in the subscription endpoint at...

4.3 CVSS, 7 AI score, 0.00115 EPSS
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2024/12/18 12:15 p.m., 12 views

CVE-2024-11291

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated...

5.3 CVSS, 0.0061 EPSS
Exploits: 0, References: 2

OSV
added 2024/12/18 12:15 p.m., 2 views

CVE-2024-11291

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated...

5.3 CVSS, 7.3 AI score
Exploits: 0, References: 2

CVE
added 2024/12/18 11:9 a.m., 44 views

CVE-2024-11291

CVE-2024-11291 affects the Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress. The vulnerability enables Sensitive Information Exposure through the WordPress core search feature, allowing unauthenticated attackers to extract restr...

5.3 CVSS, 5.3 AI score, 0.0061 EPSS
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2024/12/18 12:0 a.m., 1 views

WordPress plugin Paid Membership Subscriptions information disclosure vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...

5.3 CVSS, 7.8 AI score, 0.0061 EPSS
Exploits: 0, References: 2

Cvelist
added 2024/12/12 3:23 a.m., 11 views

CVE-2024-11683 Newsletter Subscriptions <= 2.1 - Reflected Cross-Site Scripting

The Newsletter Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tokentype' parameter in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1 CVSS, 0.02719 EPSS
Exploits: 0, References: 2