1073 matches found
CVE-2024-1390
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creatingpricingtablepage function in all versions up to, and including, 2.11.1. Thi...
CVE-2024-1389
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmsstripeconnecthandleauthorizationreturn function in all versions up to, and...
CVE-2024-1390
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creatingpricingtablepage function in all versions up to, and including, 2.11.1. Thi...
WordPress Plugin Paid Membership Subscriptions Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Plugin Paid Membership Subscriptions Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2024-1389 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmsstripeconnecthandleauthorizationreturn function in all versions up to, and...
CVE-2024-1390
CVE-2024-1390 affects the WordPress plugin “Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction.” The vulnerability is a missing capability check in the creating_pricing_table_page function across versions up to 2.11.1, allowing authenticated users wit...
CVE-2024-1390 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via creating_pricing_table_page
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creatingpricingtablepage function in all versions up to, and including, 2.11.1. Thi...
WordPress Paid Member Subscriptions Plugin <= 2.11.1 is vulnerable to Broken Access Control
Software Paid Member Subscriptions Type Plugin Vulnerable versions = 2.11.1 Fixed in 2.11.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1390 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6361d41c5a14 Credits Lucio Sá Required...
Mattermost Jira Plugin does not properly check security levels
Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues...
GHSA-QR8F-CJW7-838M Mattermost Jira Plugin does not properly check security levels
Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues...
CVE-2024-24774
Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues...
CVE-2024-24774
Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues...
Design/Logic Flaw
Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues...
WooCommerce Subscriptions < 5.8.0 - Missing Authorization
Description The plugin is vulnerable to unauthorized access of data or modification of data due to a missing capability check on an unknown low-severity function, making it possible for authenticated attackers, with contributor-level access and above, to make use of that function...
WordPress WooCommerce Subscriptions Plugin < 5.8.0 is vulnerable to Broken Access Control
Software WooCommerce Subscriptions Type Plugin Vulnerable versions 5.8.0 Fixed in 5.8.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-50850 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 18ef9f3672af Credits Rafie Muhammad...
Paid Member Subscriptions < 2.10.5 - Cross-Site Request Forgery via ajax_add_log_entry
Description The Paid Member Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.4. This is due to missing or incorrect nonce validation on the ajaxaddlogentry function. This makes it possible for unauthenticated attackers to modify...
WordPress Paid Member Subscriptions Plugin <= 2.10.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Paid Member Subscriptions Type Plugin Vulnerable versions = 2.10.4 Fixed in 2.10.5 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-51522 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 89f9209574c0 Credits Brandon...
CVE-2023-35914
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2...
CVE-2023-35914
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2...