9 matches found
EUVD-2025-10841
Malicious code in bioql PyPI...
EUVD-2024-49524
Malicious code in bioql PyPI...
EUVD-2022-34548
Malicious code in bioql PyPI...
CVE-2025-54717
CVE-2025-54717 affects the WordPress WP Membership plugin (versions up to 1.6.3). It is a Missing Authorization flaw due to incorrectly configured access control security levels, enabling a settings change vulnerability. Remediation: upgrade WP Membership to a version later than 1.6.3 (per Patchs...
CVE-2025-3292
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationupdateprofiledetails due to missing validation on the 'userid' use...
CVE-2025-1671 Academist Membership <= 1.1.6 - Authentication Bypass via Account Takeover
The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. This is due to the academistmembershipcheckfacebookuser function not properly verifying a user's identity prior to authenticating them. This makes it possible for...
CVE-2023-2276 WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password Change
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...
PT-2023-15927 · WordPress · Wcfm Membership
Name of the Vulnerable Software and Affected Versions: WCFM Membership plugin for WordPress versions up to, and including, 2.9.10 Description: The issue allows unauthenticated attackers to perform various actions, such as modifying membership details, changing renewal information, controlling...
Information disclosure
HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue...