18 matches found
EUVD-2024-48535
Malicious code in bioql PyPI...
EUVD-2024-48536
Malicious code in bioql PyPI...
CVE-2024-7649
The Opal Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via checkout form fields in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...
CVE-2024-7649
The Opal Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via checkout form fields in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...
CVE-2024-7648
The Opal Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the private notes functionality on payments which utilizes WordPress comments. This makes it possible for authenticated attackers, with subscriber-level access...
WordPress Opal Membership plugin <= 1.2.4 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Karolina Jankowska in WordPress Plugin Opal Membership versions <= 1.2.4...
WordPress Opal Membership plugin <= 1.2.4 - Authenticated (Subscriber+) Information Disclosure vulnerability
Authenticated Subscriber+ Information Disclosure vulnerability discovered by Karolina Jankowska in WordPress Plugin Opal Membership versions <= 1.2.4...
WordPress plugin Opal Membership security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Opal Membership security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Opal Membership Plugin <= 1.2.4 is vulnerable to Sensitive Data Exposure
Software: Opal Membership; Type: Plugin; Vulnerable versions: <= 1.2.4; Fixed in: N/A; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-7648; Patch priority: Low; CVSS severity: Low (4.3); PSID: 214acb8454b5; Credits: Karolina Jankowska; Required...
WordPress Opal Membership Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)
Software: Opal Membership; Type: Plugin; Vulnerable versions: <= 1.2.4; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-7649; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 6b301b87dfe8; Credits: Karolina Jankowska...
CVE-2024-7649
CVE-2024-7649 (Opal Membership, WordPress): Stored XSS in checkout form fields across all versions up to and including 1.2.4 due to insufficient input sanitization and output escaping. Unauthenticated attackers could inject scripts that run when users load injected pages. No public remediation d...
CVE-2024-7649 Opal Membership <= 1.2.4 - Unauthenticated Stored Cross-Site Scripting
The Opal Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via checkout form fields in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...
CVE-2024-7649 Opal Membership <= 1.2.4 - Unauthenticated Stored Cross-Site Scripting
The Opal Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via checkout form fields in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...
CVE-2024-7648 Opal Membership <= 1.2.4 - Authenticated (Subscriber+) Information Disclosure
The Opal Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the private notes functionality on payments which utilizes WordPress comments. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2024-7648
CVE-2024-7648 affects the Opal Membership plugin for WordPress. The vulnerability allows Sensitive Information Exposure in all versions up to 1.2.4 through the private notes feature on payments that uses WordPress comments. As a result, authenticated users with subscriber-level access or higher c...
CVE-2024-7648 Opal Membership <= 1.2.4 - Authenticated (Subscriber+) Information Disclosure
The Opal Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the private notes functionality on payments which utilizes WordPress comments. This makes it possible for authenticated attackers, with subscriber-level access...
PT-2024-38479 · WordPress · Opal Membership
Name of the Vulnerable Software and Affected Versions: Opal Membership plugin for WordPress versions up to and including 1.2.4
Description: The issue allows authenticated attackers with subscriber-level access and above to view private notes that should be restricted to administrators. This is...