1073 matches found
CVE-2024-11683 Newsletter Subscriptions <= 2.1 - Reflected Cross-Site Scripting
The Newsletter Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tokentype' parameter in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WordPress Newsletter Subscriptions plugin <= 2.1 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Newsletter Subscriptions versions <= 2.1...
WordPress plugin Newsletter Subscriptions cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...
CVE-2024-11205
The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpforms_is_admin_page' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2024-11205
The CVE-2024-11205 entry applies to the WPForms WordPress plugin. A missing capability check in wpforms_is_admin_page affects versions 1.8.4 through 1.9.2.1, enabling authenticated users with Subscriber-level access and above to refund payments and cancel subscriptions. The issue is mitigated by ...
Directus information disclosure vulnerability
Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. An information disclosure vulnerability exists in Directus version 11.0.0 and versions prior to 11.3.0, which stems from a setting of WEBSOCKETS_GRAPHQL_AUTH or...
WordPress Paid Membership Subscriptions plugin <= 2.13.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Paid Member Subscriptions versions <= 2.13.0...
WordPress Paid Member Subscriptions Plugin <= 2.13.0 is vulnerable to Arbitrary Code Execution
Software: Paid Member Subscriptions; Type: Plugin; Vulnerable versions: <= 2.13.0; Fixed in: 2.13.1; OWASP Top 10: A3: Injection; Classification: Arbitrary Code Execution; CVE: CVE-2024-10261; Patch priority: High; CVSS severity: High 7.3; Developer: Claim ownership; PSID: da8c77c26afb; Credits: Arkadiusz Hydzik; Require...
PT-2024-9554 · Stripe · Stripe
Name of the Vulnerable Software and Affected Versions: WPForms versions 1.8.4 through 1.9.2.1. Description: The issue is related to a missing capability check in the wpforms_is_admin_page function, which allows authenticated attackers with Subscriber-level access and above to refund payments and...
CVE-2024-10261
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. This is due to the software allowing users to execute an action that does not...
CVE-2024-10261 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.0 - Unauthenticated Arbitrary Shortcode Execution
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. This is due to the software allowing users to execute an action that does not...
WordPress plugin The Paid Membership Subscriptions code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code injection vulnerability exis...
PT-2024-16142 · WordPress · Paid Membership Subscriptions
Name of the Vulnerable Software and Affected Versions: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress versions up to, and including, 2.13.0. Description: The issue is related to arbitrary shortcode execution due to the software...
CLSA-2024-1730800739 glib2: Fix of CVE-2024-34397
CVE-2024-34397: Fix GDBus signal subscriptions from unicast spoofing...
CVE-2024-9222
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.8. This makes ...
CVE-2024-9222 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.12.8 - Reflected Cross-Site Scripting
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.8. This makes ...
CVE-2024-9222
The CVE refers to the WordPress plugin Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (vendor: Paid Memberships Pro) with CVE-2024-9222. It describes a Reflected Cross-Site Scripting (XSS) vulnerability caused by insufficient escaping of add_query...