CVE-2023-7294
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-leve...
CVE-2023-7294 Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_profile'
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-leve...
Uber: deleting payment profile during active trip puts account into arrears but active trip is temporarily “free”
Deleting a payment profile for an account that is actively taking a trip results in the trip not being charged, but moves the user's account into arrears and when a payment profile is added back, the account is charged the unpaid amount...
Uber: Changing paymentProfileUuid when booking a trip allows free rides
Requests made to the /proxy-rt/riders/me/pickup endpoint on https://m.uber.com/ failed to properly validate payment profile UUIDs. If an invalid payment profile UUID was specified, the trip would not be properly charged and would be free. If another user's payment profile UUID was specified, that...
secure.ryzom.com XSS vulnerability
Open Bug Bounty ID: OBB-47360

Description | Value
---|---
Affected Website: | secure.ryzom.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat...