CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

EUVD•added 2026/04/16 12:54 a.m.•8 views

EUVD-2026-23125

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.16.12. This is due to the 'processcheckout' function not properly enforcing...

4.3CVSS5.9AI score0.00316EPSS

Exploits0References8

Vulnrichment•added 2026/04/15 10:26 p.m.•2 views

CVE-2026-4949 ProfilePress <= 4.16.12 - Missing Authorization to Authenticated (Subscriber+) Inactive Membership Plan Subscription

4.3CVSS5.9AI score0.00316EPSS

Exploits0References7

Cvelist•added 2026/04/15 10:26 p.m.•24 views

CVE-2026-4949 ProfilePress <= 4.16.12 - Missing Authorization to Authenticated (Subscriber+) Inactive Membership Plan Subscription

4.3CVSS0.00316EPSS

Exploits0References7

ATTACKERKB•added 2026/04/15 10:26 p.m.•2 views

CVE-2026-4949

4.3CVSS5.9AI score0.00316EPSS

Exploits0References8

Positive Technologies•added 2026/04/15 12:0 a.m.•4 views

PT-2026-33181

4.3CVSS5.9AI score0.00316EPSS

Exploits0References10

RedhatCVE•added 2026/04/05 10:55 a.m.•4 views

CVE-2026-3445

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass in all versions up to, and including, 4.16.11. This is due to a missing ownership verification on...

7.1CVSS5.9AI score0.00228EPSS

Exploits0References1

NVD•added 2026/04/04 9:16 a.m.•4 views

CVE-2026-3445

7.1CVSS0.00228EPSS

Exploits0References2

ATTACKERKB•added 2026/04/04 8:25 a.m.•3 views

CVE-2026-3445

7.1CVSS5.9AI score0.00228EPSS

Exploits0References3

CVE•added 2026/04/04 8:25 a.m.•16 views

CVE-2026-3445

The CVE-2026-3445 entry documents a vulnerability in the ProfilePress WordPress plugin (Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content) affecting all versions up to 4.16.11. Root cause: missing ownership verification on the change_plan_sub_i...

7.1CVSS5.9AI score0.00228EPSS

Exploits0References2

RedhatCVE•added 2026/03/26 3:4 p.m.•4 views

CVE-2026-3453

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...

8.1CVSS5.8AI score0.00379EPSS

Exploits0References1

CVE•added 2026/03/11 2:22 a.m.•11 views

CVE-2026-3453

Affected software: ProfilePress plugin for WordPress (versions up to and including 4.16.11). Vulnerability details: Insecure Direct Object Reference due to missing ownership validation on the change_plan_sub_id parameter in process_checkout()’s AJAX handler. The handler loads a subscription and c...

8.1CVSS5.8AI score0.00379EPSS

Exploits0References5

ATTACKERKB•added 2026/03/11 2:22 a.m.•5 views

CVE-2026-3453

8.1CVSS5.8AI score0.00379EPSS

Exploits0References6

Vulnrichment•added 2026/03/11 2:22 a.m.•2 views

CVE-2026-3453 ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration

8.1CVSS5.8AI score0.00379EPSS

Exploits0References5

EUVD•added 2026/03/11 2:22 a.m.•4 views

EUVD-2026-11074

8.1CVSS5.8AI score0.00379EPSS

Exploits0References5

Positive Technologies•added 2026/03/11 12:0 a.m.•4 views

PT-2026-24568

Name of the Vulnerable Software and Affected Versions ProfilePress versions prior to 4.16.11 Description The ProfilePress plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is a result of a lack of ownership validation on the change plan sub id parameter within...

8.1CVSS5.9AI score0.00379EPSS

Exploits0References10

EUVD•added 2025/10/07 12:30 a.m.•6 views

EUVD-2012-4697

Malware in sbrugna...

7.5CVSS6.1AI score0.03723EPSS

Exploits5References8

CNNVD•added 2025/07/02 12:0 a.m.•3 views

Nokia Single RAN 安全漏洞

Nokia Single RAN is a wireless network technology from Nokia, Finland. A security vulnerability exists in Nokia Single RAN 24R1-SR versions prior to 1.0 MP, which stems from a failure to validate input in the PlanId field of a SOAP provision operation message in the MNO internal RAN management...

6.4CVSS6.6AI score0.00229EPSS

Exploits0References1

OSV•added 2025/06/29 10:15 p.m.•5 views

CVE-2025-6874

A vulnerability, which was classified as critical, was found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/addsubscribe.php. The manipulation of the argument userid/planid leads to sql injection. It is possible to launch the attack remotely...

8.8CVSS5.7AI score0.00361EPSS

Exploits1References5

Positive Technologies•added 2023/09/17 12:0 a.m.•4 views

PT-2023-31527 · Tongda Oa · Tongda Oa

Name of the Vulnerable Software and Affected Versions: Tongda OA versions up to 11.10 Description: A critical issue has been found, affecting the file general/hr/recruit/plan/delete.php. The manipulation of the PLAN ID argument leads to sql injection. Recommendations: For versions up to 11.10,...

8.8CVSS6AI score0.00588EPSS

Exploits1References4

ATTACKERKB•added 2022/03/21 11:15 p.m.•2 views

CVE-2022-26283

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the viewplan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests...

9.8CVSS5.9AI score0.01532EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by