CVE-2026-34154 Discourse has a subscription access bypass in its discourse-subscriptions plugin
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in version...
CVE-2026-34154
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in version...
CVE-2025-69347
CVE-2025-69347 is an IDOR vulnerability in Convers Lab WPSubscription for WordPress WPSubscription plugin versions up to 1.8.10, enabling a user-controlled key to bypass authorization and access objects/resources that should be restricted. Public sources (NVD/Red Hat/EUVD) describe an Authorizati...
CVE-2025-69347 WordPress WPSubscription plugin <= 1.8.10 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPSubscription: from n/a through <= 1.8.10...
CVE-2026-24944
Missing Authorization vulnerability in weDevs Subscribe2 subscribe2 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Subscribe2: from n/a through <= 10.44...
PT-2026-7196
Name of the Vulnerable Software and Affected Versions: WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress versions up to and including 6.7.24. Description: The software contains a flaw that allows unauthorized modification of data,...
CVE-2025-66107 WordPress Subscriptions & Memberships for PayPal plugin <= 1.1.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Scott Paterson Subscriptions & Memberships for PayPal subscriptions-memberships-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Subscriptions & Memberships for PayPal: from n/a through <= 1.1.7...
WordPress plugin Subscriptions & Memberships for PayPal security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A security...
MAL-2025-186934 Malicious code in extremophile-ophiuchus-rollup-plugin-subscription (npm)
Source: amazon-inspector 0d5814aeadd2075aafefcfdf7e08fa80138940a6d61e92b031d99103d60885e4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-37972
The Easy Email Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the showeditsubpage function. This makes it possible for unauthenticated attackers to delete arbitrary...
EUVD-2023-26820
Malicious code in bioql PyPI...
CVE-2024-13461
The Autoship Cloud for WooCommerce Subscription Products plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autoship-create-scheduled-order-action' shortcode in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping on...
WordPress Email Subscription Popup plugin <= 1.2.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via print_email_subscribe_form Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via print_email_subscribe_form Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Email Subscription Popup versions <= 1.2.22...
WordPress plugin WP Newsletter Subscription path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
WordPress Email Subscription Popup Plugin <= 1.2.18 is vulnerable to Cross Site Scripting (XSS)
Software: Email Subscription Popup; Type: Plugin; Vulnerable versions: <= 1.2.18; Fixed in: 1.2.19; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6527; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 85e40131e875; Credits: 0x9567b...
CVE-2023-22685
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.2 versions...
CVE-2023-22685
CVE-2023-22685 represents an authenticated stored cross-site scripting (XSS) vulnerability in the WordPress plugin Category Specific RSS feed Subscription (Category Specific RSS feed Menu) for versions
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.1 versions...
CVE-2023-22691 WordPress Category Specific RSS feed Subscription Plugin <= v2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.1 versions...