1073 matches found

CVE
added 2024/04/24 2:59 p.m. · 62 views

CVE-2024-32728

CVE-2024-32728 is a CSRF vulnerability in Cozmoslabs Paid Member Subscriptions (WordPress). The entry states: Cross-Site Request Forgery vulnerability affecting Paid Member Subscriptions from n/a through 2.11.0, but the provided documents do not disclose the exact root cause, affected actions wit...

4.3 CVSS · 5.1 AI score · 0.00076 EPSS
Exploits 0 · References 1
FreeBSD
added 2024/04/24 12:0 a.m. · 36 views

Gitlab -- vulnerabilities

Gitlab reports: GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider Path Traversal leads to DoS and Restricted File Read Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search Personal Access Token scopes not honoured by...

8.8 CVSS · 7.2 AI score · 0.1122 EPSS
Exploits 2 · References 1
CNNVD
added 2024/04/24 12:0 a.m. · 3 views

WordPress plugin Paid Membership Subscriptions Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Paid Membership...

4.3 CVSS · 6.8 AI score · 0.00076 EPSS
Exploits 0 · References 2
Patchstack
added 2024/04/22 12:40 p.m. · 3 views

WordPress Paid Membership Subscriptions plugin <= 2.11.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Paid Member Subscriptions (versions <= 2.11.0)...

4.3 CVSS · 7 AI score · 0.00076 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2024/04/22 12:0 a.m. · 11 views

WordPress Paid Member Subscriptions Plugin <= 2.11.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Paid Member Subscriptions; Type: Plugin; Vulnerable versions: <= 2.11.0; Fixed in: 2.11.1; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-32728; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 208bd8186051; Credits...

4.3 CVSS · 6.6 AI score · 0.00076 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2024/04/02 12:0 a.m. · 3 views

PT-2024-20726 · Softing · Softing Uatoolkit Embedded

Name of the Vulnerable Software and Affected Versions: Softing uaToolkit Embedded versions prior to 1.41.1 Description: An issue was discovered in Softing uaToolkit Embedded. When a subscription with a very low MaxNotificationPerPublish parameter is created, a publish response is mishandled,...

5.1 CVSS · 7.2 AI score · 0.00059 EPSS
Exploits 0 · References 6
WPVulnDB
added 2024/03/25 12:0 a.m. · 28 views

Paid Memberships Pro < 3.0 - Cross-Site Request Forgery

Description The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmproliftersavestreamlineoption...

4.3 CVSS · 6.2 AI score · 0.09317 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2024/03/15 7:55 p.m. · 4 views

CVE-2024-28847 SpEL Injection in `PUT /api/v1/events/subscriptions` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, AlertUtil::validateExpression is also called from EventSubscriptionRepository.prepare,...

8.8 CVSS · 8.8 AI score · 0.12686 EPSS
Exploits 1 · References 8
OSV
added 2024/03/15 3:15 p.m. · 2 views

CVE-2023-51522

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions. This issue affects Paid Member Subscriptions: from n/a through 2.10.4...

8.8 CVSS · 7.3 AI score · 0.00074 EPSS
Exploits 0 · References 1
NVD
added 2024/03/15 3:15 p.m. · 9 views

CVE-2023-51522

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions. This issue affects Paid Member Subscriptions: from n/a through 2.10.4...

8.8 CVSS · 4.6 AI score · 0.00074 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/03/15 2:21 p.m. · 11 views

CVE-2023-51522 WordPress Paid Membership Subscriptions plugin <= 2.10.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions. This issue affects Paid Member Subscriptions: from n/a through 2.10.4...

4.3 CVSS · 8.5 AI score · 0.00074 EPSS
Exploits 0 · References 1
Cvelist
added 2024/03/15 2:21 p.m. · 18 views

CVE-2023-51522 WordPress Paid Membership Subscriptions plugin <= 2.10.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions. This issue affects Paid Member Subscriptions: from n/a through 2.10.4...

4.3 CVSS · 5 AI score · 0.00074 EPSS
Exploits 0 · References 1
CVE
added 2024/03/15 2:21 p.m. · 82 views

CVE-2023-51522

CVE-2023-51522 is a CSRF vulnerability in the Cozmoslabs Paid Member Subscriptions WordPress plugin, affecting version 2.10.4 and earlier. Evidence from NVD confirms a CSRF issue impacting Paid Member Subscriptions, and PT Security notes that for versions 2.10.4 and earlier the fix is to update t...

8.8 CVSS · 8.5 AI score · 0.00074 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2024/03/15 12:0 a.m. · 1 views

WordPress Plugin Paid Membership Subscriptions Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

8.8 CVSS · 6.6 AI score · 0.00074 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/03/15 12:0 a.m. · 2 views

PT-2024-14176 · Cozmoslabs · Cozmoslabs Paid Member Subscriptions

Name of the Vulnerable Software and Affected Versions: Cozmoslabs Paid Member Subscriptions versions 2.10.4 and earlier Description: A Cross-Site Request Forgery CSRF issue affects Cozmoslabs Paid Member Subscriptions. This issue allows an attacker to perform unintended actions on a user's accoun...

8.8 CVSS · 9.5 AI score · 0.00074 EPSS
Exploits 0 · References 7
CNNVD
added 2024/03/15 12:0 a.m. · 3 views

OpenMetadata Security Vulnerabilities

OpenMetadata is a unified discovery, observability and governance platform powered by a central metadata repository, in-depth lineage, and seamless team collaboration. A security vulnerability exists in OpenMetadata versions prior to 1.2.4 that stems from a SpEL injection vulnerability in PUT...

8.8 CVSS · 7.4 AI score · 0.12686 EPSS
Exploits 1 · References 7
OSV
added 2024/03/06 11:21 a.m. · 23 views

BIT-GITLAB-2020-13346

Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API...

6.5 CVSS · 6.1 AI score · 0.00245 EPSS
Exploits 0 · References 4
OSV
added 2024/03/06 11:15 a.m. · 23 views

BIT-GITLAB-2022-1680

An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature available only on Premium+...

9.9 CVSS · 8.9 AI score · 0.03891 EPSS
Exploits 0 · References 3
OSV
added 2024/03/06 11:8 a.m. · 26 views

BIT-MOODLE-2021-36400

In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions...

5.3 CVSS · 5.4 AI score · 0.0028 EPSS
Exploits 0 · References 2
OSV
added 2024/03/06 10:55 a.m. · 13 views

BIT-MATTERMOST-2024-24774

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues...

4.1 CVSS · 4 AI score · 0.00292 EPSS
Exploits 0 · References 2