EUVD-2025-35913

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check while verifying webhook signatures on the "verifyAndCreateOrderData" function in all versions up to, and including, 3.8.3. This makes it...

EUVD-2015-9365

Malware in sbrugna...

TimeLock cannot schedule the same calls multiple times

Handle cmichel Vulnerability details The TimeLock.schedule function reverts if the same targets and data fields are used as the txHash will be the same. This means one cannot schedule the same transactions multiple times. Impact Imagine the delay is set to 30 days, but a contractor needs to be pa...

CVE-2015-9525

The Easy Digital Downloads EDD Recurring Payments extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...

Design/Logic Flaw

The Easy Digital Downloads EDD Recurring Payments extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...

CVE-2015-9525

The CVE-2015-9525 issue concerns the Easy Digital Downloads (EDD) Recurring Payments extension for WordPress. The vulnerability is an XSS flaw caused by misusing add_query_arg in multiple EDD versions (1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before ...

Coinbase: Authentication Issue

Hello there, I noticed while creating Recurring payment while 2FA is enabled it asks a user to enter verification code. So when someone confirm the Reccuring payment a request is sent to : POST /recurringpayments/58087a3d6861ee015644fc48/confirm HTTP/1.1 Host: beta.coinbase.com User-Agent:...