1017 matches found
EUVD-2026-11073
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...
CVE-2026-3453
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...
CVE-2026-3453 ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...
CVE-2026-3453 ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...
EUVD-2026-11074
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...
CVE-2026-3453
Affected software: ProfilePress plugin for WordPress (versions up to and including 4.16.11). Vulnerability details: Insecure Direct Object Reference due to missing ownership validation on the change_plan_sub_id parameter in process_checkout()’s AJAX handler. The handler loads a subscription and c...
CVE-2025-66956
CVE-2025-66956 affects Asseco SEE Live 2.0’s Contact Plan, E-Mail, SMS and Fax components. Insecure access control permits remote attackers to access and execute attachments via a computable URL. Root cause is described as improper authorization checks in these components; the impact is remote ac...
PT-2026-24568
Name of the Vulnerable Software and Affected Versions ProfilePress versions prior to 4.16.11 Description The ProfilePress plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is a result of a lack of ownership validation on the change plan sub id parameter within...
CVE-2025-66956
Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL...
CVE-2025-66956
Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL...
CVE-2025-66956
Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL...
Asseco SEE Live 安全漏洞
Asseco SEE Live is a real-time customer interaction and notification management system for financial services offered by the Polish company Asseco. Version 2.0 of Asseco SEE Live contains a security vulnerability. This vulnerability stems from improper access control in the Contact Plan, E-Mail,...
Lovable VDP: Business Logic Bypass Allows Setting “Read Access” Role Without Pro Plan Subscription
A business logic vulnerability was identified that allowed users on a free plan to generate an invitation link that assigned the "Read Access" role, which was intended to be restricted to users with a Pro Plan subscription. The vulnerability was triggered by manipulating the invitation creation...
CVE-2025-30413
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 40497, Acronis Cyber Protect 17 Linux, macOS, Windows before build 41186...
CVE-2025-11790
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 41124...
EUVD-2025-208333
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 40497, Acronis Cyber Protect 17 Linux, macOS, Windows before build 41186...
EUVD-2025-208330
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 41124...
CVE-2025-30413
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 40497, Acronis Cyber Protect 17 Linux, macOS, Windows before build 41186...
CVE-2025-30413
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 40497, Acronis Cyber Protect 17 Linux, macOS, Windows before build 41186...
CVE-2025-11790
Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent Linux, macOS, Windows before build 41124...