21 matches found
EUVD-2022-28592
Malicious code in bioql PyPI...
EUVD-2025-9212
Malicious code in bioql PyPI...
CVE-2022-1417
Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...
CVE-2025-31812
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tomas BuddyPress Members Only buddypress-members-only allows Stored XSS. This issue affects BuddyPress Members Only: from n/a through <= 3.5.3...
WordPress BuddyPress Members Only plugin <= 3.5.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by theviper17 in WordPress Plugin BuddyPress Members Only versions <= 3.5.3...
CVE-2025-31812
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tomas BuddyPress Members Only buddypress-members-only allows Stored XSS. This issue affects BuddyPress Members Only: from n/a through <= 3.5.3...
CVE-2025-31812 WordPress BuddyPress Members Only plugin <= 3.5.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tomas BuddyPress Members Only buddypress-members-only allows Stored XSS. This issue affects BuddyPress Members Only: from n/a through <= 3.5.3...
CVE-2025-31812
CVE-2025-31812: Stored XSS in BuddyPress Members Only (WordPress) due to improper input neutralization during web page generation; affects BuddyPress Members Only 3.5.3 and earlier. Exploitation details are not provided in the initial document, but Wordfence’s vulnerability listing indicates the...
CVE-2024-0972
The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.5 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to Guest"...
CVE-2024-0972
The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.9 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to Guest"...
WordPress BuddyPress Members Only plugin <= 3.4.8 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin BuddyPress Members Only versions <= 3.4.8...
WordPress BuddyPress Members Only Plugin <= 3.3.5 is vulnerable to Sensitive Data Exposure
Software: BuddyPress Members Only; Type: Plugin; Vulnerable versions: <= 3.3.5; Fixed in: N/A; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-0972; Patch priority: Low; CVSS severity: Low (5.3); PSID: 96dc46493939; Credits: Francesco Carlucci...
WordPress plugin BuddyPress Members Only security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin BuddyPress Members...
BuddyPress Members Only <= 3.3.5 - Improper Access Control to Sensitive Information Exposure via REST API
Description: The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.5 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to...
DRUPAL-CONTRIB-2022-061
Social Flexible Group is an Open Social extension that allows users to create groups with many different configurations. In specific uncommon scenarios, where a platform doesn't have any flexible groups with the "Group members only secret" visibility, community groups are visible to anonymous use...
GitLab 8.12 < 14.8.6 / 14.9 < 14.9.4 / 14.10 < 14.10.1 (CVE-2022-1417)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allo...
CVE-2022-1417
Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...
CVE-2022-1417
Removed by vendor...
WordPress bbPress Members Only plugin <= 1.2.1 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found in WordPress bbPress Members Only plugin versions <= 1.2.1. Solution: Update the WordPress bbPress Members Only plugin to the latest available version (at least 1.3.1)...
bbPress Members Only <= 1.2.1 - CSRF on Optional Settings page
The plugin does not prevent Cross-Site Request Forgery attacks on its 'Optional Settings' page...