872 matches found
WordPress Paid Memberships Pro <2.6.7 - Blind SQL Injection
WordPress Paid Memberships Pro plugin before 2.6.7 is susceptible to blind SQL injection. The plugin does not escape the discountcode in one of its REST routes before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...
LearnPress < 4.2.7.4 - Course Material - Information Disclosure
LearnPress – WordPress LMS Plugin contains a sensitive information exposure caused by insecure handling in class-lp-rest-material-controller.php, letting unauthenticated attackers extract paid course material, exploit requires no authentication. id: CVE-2024-11868 info: name: LearnPress 4.2.7.4 -...
Zarinpal Paid Download - Reflected XSS
Zarinpal Paid Download WordPress plugin v2.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such as admin, exploit requires...
CVE-2026-42341
FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit...
CVE-2026-57348
Unauthenticated Server Side Request Forgery SSRF in Paid Member Subscriptions = 3.0.4 versions...
CVE-2026-57348 WordPress Paid Member Subscriptions plugin <= 3.0.4 - Server Side Request Forgery (SSRF) vulnerability
Unauthenticated Server Side Request Forgery SSRF in Paid Member Subscriptions = 3.0.4 versions...
CVE-2026-57348
CVE-2026-57348 affects WordPress plugin Paid Member Subscriptions (versions <= 3.0.4). An unauthenticated server-side request forgery (SSRF) vulnerability exists in this plugin, enabling an attacker to induce the server to fetch arbitrary resources. The CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:N/S:C...
CVE-2026-11965
The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users after self-registering an account through the open registration flow to obtain an active subscription on any paid...
CVE-2026-11965 User Registration & Membership < 5.2.0 - Unauthenticated Paid Membership Bypass
The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users after self-registering an account through the open registration flow to obtain an active subscription on any paid...
CVE-2026-11965
The CVE-2026-11965 entry affects the WordPress plugin User Registration & Membership prior to version 5.2.0. The underlying issue is that the plugin does not enforce payment completion before activating a paid membership subscription, enabling unauthenticated users (after self-registering via the...
CVE-2026-57331
Performer Arbitrary File Deletion in Paid Videochat Turnkey Site = 7.4.8 versions...
CVE-2026-57331 WordPress Paid Videochat Turnkey Site plugin <= 7.4.8 - Arbitrary File Deletion vulnerability
Performer Arbitrary File Deletion in Paid Videochat Turnkey Site = 7.4.8 versions...
EUVD-2026-40102
Performer Arbitrary File Deletion in Paid Videochat Turnkey Site = 7.4.8 versions...
PT-2026-53292
Name of the Vulnerable Software and Affected Versions Paid Videochat Turnkey Site versions 7.4.8 and earlier Description An issue exists that allows a performer to perform arbitrary file deletion within the system. Recommendations At the moment, there is no information about a newer version that...
CVE-2026-10820
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription, allowing any authenticated user Subscriber+ to cancel other...
CVE-2026-10820
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription, allowing any authenticated user Subscriber+ to cancel other...
CVE-2026-57659
Unauthenticated Cross Site Request Forgery CSRF in Paid Memberships Pro - Add Member From Admin = 0.7.2 versions...
CVE-2026-57659 WordPress Paid Memberships Pro - Add Member From Admin plugin <= 0.7.2 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in Paid Memberships Pro - Add Member From Admin = 0.7.2 versions...
EUVD-2026-39664
Unauthenticated Cross Site Request Forgery CSRF in Paid Memberships Pro - Add Member From Admin = 0.7.2 versions...
CVE-2026-57659
CVE-2026-57659 describes an unauthenticated CSRF vulnerability in the WordPress plugin Paid Memberships Pro – Add Member From Admin (versions