1073 matches found
WordPress Paid Membership Subscriptions plugin <= 2.12.8 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Paid Member Subscriptions versions <= 2.12.8...
WordPress plugin Paid Membership Subscriptions cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Paid Member Subscriptions Plugin <= 2.12.8 is vulnerable to Cross Site Scripting (XSS)
Software: Paid Member Subscriptions; Type: Plugin; Vulnerable versions: <= 2.12.8; Fixed in: 2.12.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9222; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 4cd4d58effde; Credits: Colin ...
GHSA-RW3J-574H-MRCQ IDOR vulnerability in account profile page
Impact: Insecure direct object reference allowing an attacker to disable subscriptions and reviews of another customer...
CVE-2024-39319 aimeos/ai-controller-frontend has IDOR vulnerability in account profile page
aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions...
PT-2024-28443 · Aimeos · Aimeos/Ai-Controller-Frontend
Name of the Vulnerable Software and Affected Versions: aimeos/ai-controller-frontend versions prior to 2024.4.2; aimeos/ai-controller-frontend versions prior to 2023.10.9; aimeos/ai-controller-frontend versions prior to 2022.10.8; aimeos/ai-controller-frontend versions prior to 2021.10.8...
CVE-2024-6691
The Easy Digital Downloads – Sell Digital Files & Subscriptions eCommerce Store + Payments Made Easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the currency value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. Thi...
PT-2024-11549 · Unknown · Nats Server +1
Name of the Vulnerable Software and Affected Versions: NATS Server versions prior to 2.8.2; NATS Streaming Server versions prior to 0.24.6. Description: The issue is caused by the failure to enforce negative user permissions in one scenario, allowing a remote attacker to bypass security restriction...
CVE-2024-3961
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tagsubscriber function in all versions up to, and including, 2.4.9. This makes it possible for...
CVE-2024-1407 Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery to Membership Modification
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possibl...
CVE-2024-36372
In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible...
CVE-2024-36372
JetBrains TeamCity is affected by a reflected XSS on the subscriptions page in versions before 2023.05.6. Multiple connected sources (NVD/Nessus/CNVD/CNNVD) describe lack of proper input filtering/escaping on the subscriptions page as the root cause. Practical impact is execution of arbitrary scr...
EUVD-2024-36040
In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible...
PT-2024-3959
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2023.05.6. Description: The issue is related to a reflected XSS vulnerability on the subscriptions page, which could allow a remote attacker to conduct cross-site scripting attacks. This is due to the lack of...
USN-6768-1 glib2.0 vulnerability
Alicia Boya García discovered that GLib incorrectly handled signal subscriptions. A local attacker could use this issue to spoof D-Bus signals resulting in a variety of impacts including possible privilege escalation...