WordPress WooCommerce Subscriptions Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WooCommerce Subscriptions is a subscription plugin used in it. A cross-site scripting vulnerability exists in WordPress...

IBM Cognos Analytics Elevation of Privilege Vulnerability

IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A security vulnerability exists...

CVE-2019-4589

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449...

WordPress Email Subscribers & Newsletters Cross-Site Request Forgery Vulnerability (CNVD-2020-44908)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Email Subscribers & Newsletters is an email subscription and newsletter plugin used in it. A cross-site request forgery vulnerability...

WordPress WooCommerce Subscriptions Plugin < 2.6.3 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113732";...

WooCommerce Subscriptions < 2.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

An unauthenticated user could put XSS payload in their billing details when subscribing, which will then be executed in the admin dashboard when moused over...

WordPress WooCommerce Subscriptions premium plugin <= 2.6.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability found by PRECURSOR SECURITY in WordPress WooCommerce Subscriptions premium plugin versions = 2.6.2. Solution Update the WordPress WooCommerce Subscriptions premium plugin to the latest available version at least 2.6.3...

CVE-2019-18834

Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCSAdminPostTypes in class-wcs-admin-post-types.php...

CVE-2019-18834

Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCSAdminPostTypes in class-wcs-admin-post-types.php...

Cross site scripting

Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCSAdminPostTypes in class-wcs-admin-post-types.php...

CVE-2019-18834

CVE-2019-18834 affects the WordPress plugin WooCommerce Subscriptions (pre-2.6.3). The vulnerability is a persistent cross-site scripting (XSS) flaw caused by mishandling of Billing Details in WCS_Admin_Post_Types (class-wcs-admin-post-types.php), allowing remote attackers to execute arbitrary Ja...

HPSBHF03675 rev. 1 - Synaptics® Fingerprint Drivers that use SGX

Potential Security Impact Arbitrary Code Execution Source: HP, HP Product Security Response Team PSRT Reported By: Synaptics ® VULNERABILITY SUMMARY Synaptics has notified HP of a potential security vulnerability in certain versions of Synaptics Fingerprint Sensor Drivers using Intel® Software...

GHSA-W42G-7VFC-XF37 Introspection in schema validation in Apollo Server

We encourage all users of Apollo Server to read this advisory in its entirety to understand the impact. The Resolution section contains details on patched versions. Impact If subscriptions: false is passed to the ApolloServer constructor options, there is no impact. If implementors were not...

Introspection in schema validation in Apollo Server

We encourage all users of Apollo Server to read this advisory in its entirety to understand the impact. The Resolution section contains details on patched versions. Impact If subscriptions: false is passed to the ApolloServer constructor options, there is no impact. If implementors were not...

Virtual machines don't respond to your operation in SCVMM in Windows Server 2012 R2

Virtual machines don't respond to your operation in SCVMM in Windows Server 2012 R2 This article describes an issue in which virtual machines VM don't respond to your operation in System Center 2012 R2 Virtual Machine Manager SCVMM in Windows Server 2012 R2. Before you install this update, see th...

Description of Update Rollup 5 for System Center 2012 R2 Operations Manager

Description of Update Rollup 5 for System Center 2012 R2 Operations Manager Introduction This article describes the issues that are fixed in Update Rollup 5 for Microsoft System Center 2012 R2 Operations Manager. This article also contains the installation instructions for Update Rollup 5 for...

Woocommerce Subscriptions < 3.0.3 - CSRF to Cancel/Re-Activate Subscription

During a blog assessment, we identified a CSRF issue in the Woocommerce Subscriptions plugin, which could allow attackers to cancel and re-activate a logged in user's subscription. Even though the wpnonce parameter was needed in the request, its value was not verified, allowing an empty value to ...

Woocommerce Subscriptions < 3.0.3 - CSRF to Cancel/Re-Activate Subscription

During a blog assessment, we identified a CSRF issue in the Woocommerce Subscriptions plugin, which could allow attackers to cancel and re-activate a logged in user's subscription. Even though the wpnonce parameter was needed in the request, its value was not verified, allowing an empty value to ...

Nextcloud Server < 15.0.14, 16.x < 16.0.7, 17.x < 17.0.2 SSRF Vulnerability (NC-SA-2020-014)

Nextcloud Server is prone to a server-side request forgery SSRF protection bypass vulnerability in calendar subscriptions. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

New 'Haken' Malware Found On Eight Apps In Google Play Store

Researchers have identified eight malicious Android apps in the official Google Play marketplace distributing a new malware family. The “Haken” malware exfiltrates sensitive data from victims and covertly signs them up for expensive premium subscription services. The eight apps in question, which...