Authorization

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2...

CVE-2023-35914

CVE-2023-35914 (WooCommerce Subscriptions) is an IDOR-type vulnerability in the plugin’s

CVE-2023-35914 WordPress WooCommerce Subscriptions Plugin <= 5.1.2 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2...

PT-2023-25379 · Woocommerce · Woocommerce Subscriptions

Name of the Vulnerable Software and Affected Versions: WooCommerce Woo Subscriptions versions prior to 5.1.3 Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This vulnerability affects WooCommerce Woo Subscriptions, allowing unauthorized...

WordPress Plugin Woo Subscriptions Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin Woo...

Google to Delete Inactive Gmail Accounts From Today: What You Need to Know

By Deeba Ahmed Google will delete free Google accounts that have not been signed into for two years and do not have any active subscriptions. This is a post from HackRead.com Read the original post: Google to Delete Inactive Gmail Accounts From Today: What You Need to Know...

WooCommerce Subscription < 4.6.0 - Cross-Site Request Forgery

Description The WooCommerce Subscription for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and not including, 4.6.0. This is due to missing or incorrect nonce validation when suspending or canceling subscriptions. This makes it possible for unauthenticated attackers to...

GHSA-R344-XW3P-2FRJ Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions

Impact The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when a multi-part respons...

CVE-2023-45812

The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when a multi-part response is...

Design/Logic Flaw

The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when a multi-part response is...

CVE-2023-45812

CVE-2023-45812 affects Apollo Router (Rust). A DoS can occur when handling multi-part responses if the client uses queries with @defer or Subscriptions and the router is configured with a coprocessor level coprocessor.supergraph.response in router.yaml. The vulnerability can cause the router to p...

CVE-2023-45812 Improper Check or Handling of Exceptional Conditions in apollo-router

The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when a multi-part response is...

CVE-2023-45812 Improper Check or Handling of Exceptional Conditions in apollo-router

The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when a multi-part response is...

Email posts to subscribers <= 6.2 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WooCommerce Subscriptions < 4.6.0 - Subscription Suspension/Activation via CSRF

Description The plugin does not have CSRF check when suspending and activating subscriptions, which could allow attackers to make a logged in admin suspend or activate arbitrary subscription via a CSRF attack Deactivate subscription with ID 53:...

WooCommerce Subscriptions < 4.6.0 - Subscription Suspension/Activation via CSRF

Description The plugin does not have CSRF check when suspending and activating subscriptions, which could allow attackers to make a logged in admin suspend or activate arbitrary subscription via a CSRF attack PoC Deactivate subscription with ID 53:...

GHSA-W8VQ-3HF9-XPPX Apollo Router Unnamed "Subscription" operation results in Denial-of-Service

Impact This is a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when GraphQL Subscriptions are enabled. It can be triggered when all of the following conditions are met: 1. Running Apollo Router v1.28.0, v1.28.1 or v1.29.0 "impacted versions"; and 2. The...

Apollo Router Unnamed "Subscription" operation results in Denial-of-Service

Impact This is a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when GraphQL Subscriptions are enabled. It can be triggered when all of the following conditions are met: 1. Running Apollo Router v1.28.0, v1.28.1 or v1.29.0 "impacted versions"; and 2. The...

CVE-2023-41317

The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when GraphQL Subscriptions are...

Design/Logic Flaw

The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when GraphQL Subscriptions are...