5 matches found
CVE-2025-3282
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationmembershipregistermember due to missing validation on the...
CVE-2025-3282
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationmembershipregistermember due to missing validation on the...
GHSA-QCQV-38JG-2R43 Pageflow vulnerable to insecure direct object reference in membership update endpoint
Impact Pageflow has a membership edit feature which allows users to edit the roles of user memberships associated with an account that they have the manager role to including their own. While the Entity dropdown select field is greyed out in the UI, an attacker can use tools which allow sending...
Pageflow vulnerable to insecure direct object reference in membership update endpoint
Impact Pageflow has a membership edit feature which allows users to edit the roles of user memberships associated with an account that they have the manager role to including their own. While the Entity dropdown select field is greyed out in the UI, an attacker can use tools which allow sending...
PT-2022-28272 · Pageflow · Pageflow
Name of the Vulnerable Software and Affected Versions: Pageflow versions prior to 14.5.2 Pageflow versions prior to 15.7.1 Description: The issue allows attackers to update membership objects associated with their own account to be associated with a different account, potentially compromising all...