39 matches found
EUVD-2021-11143
Malware in sbrugna...
EUVD-2025-3792
Malicious code in bioql PyPI...
EUVD-2024-36659
Malicious code in bioql PyPI...
CVE-2025-24588
Missing Authorization vulnerability in patreon Patreon WordPress patreon-connect allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Patreon WordPress: from n/a through <= 1.9.1...
CVE-2024-37430
Authentication Bypass by Spoofing vulnerability in patreon Patreon WordPress patreon-connect. This issue affects Patreon WordPress: from n/a through <= 1.9.0...
CVE-2023-41129
Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress. This issue affects Patreon WordPress: from n/a through 1.8.6...
CVE-2021-24228
The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin before 1.7.2. The WordPress login form wp-login.php is hooked by the plugin and offers to allow users to authenticate on the site using their Patreon account. Unfortunately, some of...
CVE-2021-24227
The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials a...
CVE-2021-24229
The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin before 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachment. This action is...
CVE-2025-24588
Missing Authorization vulnerability in patreon Patreon WordPress patreon-connect allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Patreon WordPress: from n/a through <= 1.9.1...
WordPress plugin Patreon WordPress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2025-5425 · Patreon · Patreon Wordpress
Name of the Vulnerable Software and Affected Versions: Patreon WordPress versions 1.9.1 and earlier. Description: The issue is related to missing authorization, allowing exploitation of incorrectly configured access control security levels. Recommendations: For versions 1.9.1 and earlier, update t...
CVE-2024-37430
Authentication Bypass by Spoofing vulnerability in patreon Patreon WordPress patreon-connect. This issue affects Patreon WordPress: from n/a through <= 1.9.0...
CVE-2024-37430
CVE-2024-37430 affects Patreon WordPress plugin (Patreon Connect) for WordPress,
WordPress Patreon WordPress plugin <= 1.9.0 - Image Protection Bypass vulnerability
Image Protection Bypass vulnerability discovered by MCboyIR (Patchstack Alliance) in WordPress Plugin Patreon WordPress versions <= 1.9.0...
CVE-2023-41129
Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress. This issue affects Patreon WordPress: from n/a through 1.8.6...
CVE-2023-41129
Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress. This issue affects Patreon WordPress: from n/a through 1.8.6...
PT-2023-27813 · Patreon · Patreon Wordpress
Name of the Vulnerable Software and Affected Versions: Patreon WordPress versions 1.8.6 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that...
Patreon WordPress < 1.8.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the field "Custom Patreon Page name", which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Put the following payload in the "Custom Patreon Page name" setting of the plugin...
Patreon WordPress < 1.8.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the field "Custom Patreon Page name", which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the "Custom Patreon Page name" setting of the plugin and...