Lucene search

11 matches found

RedhatCVE
added 2026/05/01 8:48 p.m., 2 views

CVE-2026-2892

The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'getcustomerdata' method relying on an unsigned 'ostripedata' cookie to determine Stripe product ownership for unauthenticated users. The...

CVSS 7.5, AI score 5.8, EPSS 0.00081
Exploits: 0, References: 1

Cvelist
added 2026/04/30 1:28 p.m., 24 views

CVE-2026-2892 Otter Blocks <= 3.1.4 - Improper Authorization to Unauthenticated Purchase Verification Bypass via Forged Cookie

The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'getcustomerdata' method relying on an unsigned 'ostripedata' cookie to determine Stripe product ownership for unauthenticated users. The...

CVSS 7.5, EPSS 0.00081
Exploits: 0, References: 5

EUVD
added 2026/04/30 1:28 p.m., 1 view

EUVD-2026-26373

The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'getcustomerdata' method relying on an unsigned 'ostripedata' cookie to determine Stripe product ownership for unauthenticated users. The...

CVSS 7.5, AI score 5.3, EPSS 0.00081
Exploits: 0, References: 5

ATTACKERKB
added 2026/04/30 1:28 p.m., 1 view

CVE-2026-2892

The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'getcustomerdata' method relying on an unsigned 'ostripedata' cookie to determine Stripe product ownership for unauthenticated users. The...

CVSS 7.5, AI score 5.3, EPSS 0.00081
Exploits: 0, References: 6

Positive Technologies
added 2026/04/30 12:0 a.m., 0 views

PT-2026-36099

Name of the Vulnerable Software and Affected Versions: Otter Blocks versions prior to 3.1.5. Description: The plugin is subject to a purchase verification bypass. The get customer data method relies on an unsigned o stripe data cookie to determine product ownership for unauthenticated users...

CVSS 7.5, AI score 5.8, EPSS 0.00081
Exploits: 0, References: 9

NVD
added 2026/03/26 3:16 a.m., 0 views

CVE-2014-125112

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when...

CVSS 9.8, EPSS 0.00135
Exploits: 0, References: 3

CVE
added 2026/03/26 2:4 a.m., 23 views

CVE-2014-125112

CVE-2014-125112 affects Plack::Middleware::Session::Cookie for Perl, with versions through 0.21 vulnerable. The issue allows an attacker to execute arbitrary code on the server during deserialization of cookie data when there is no secret used to sign the cookie. This results in remote code execu...

CVSS 9.8, AI score 6.4, EPSS 0.00135
Exploits: 0, References: 3, Affected Software: 1

RedhatCVE
added 2026/01/12 6:40 p.m., 5 views

CVE-2025-61686

A security issue was discovered in the react-router/node component of React Router. It is possible for an attacker to manipulate an unsigned cookie to cause the session to try to read/write from a location outside the specified session file directory. The success of the attack would depend on the...

CVSS 9.1, AI score 6.6, EPSS 0.00032
Exploits: 0, References: 4

Veracode
added 2026/01/12 11:12 a.m., 3 views

Path Traversal

React Router is vulnerable to Path Traversal. The vulnerability is due to the use of createFileSessionStorage with an unsigned cookie, which allows an attacker to manipulate session identifiers to attempt read/write operations outside the intended session file directory, potentially accessing...

CVSS 9.1, AI score 7, EPSS 0.00032
Exploits: 0, References: 3, Affected Software: 3

NVD
added 2026/01/10 3:15 a.m., 6 views

CVE-2025-61686

React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage is being used from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an...

CVSS 9.1, EPSS 0.00032
Exploits: 0, References: 1

OSV
added 2026/01/10 2:41 a.m., 9 views

CVE-2025-61686 React Router has Path Traversal in File Session Storage

React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage is being used from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an...

CVSS 9.1, AI score 6.5, EPSS 0.00032
Exploits: 0, References: 3