CVE-2025-49870

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows SQL Injection.This issue affects Paid Member Subscriptions: from n/a through = 2.15.1...

CVE-2025-49870

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows SQL Injection.This issue affects Paid Member Subscriptions: from n/a through = 2.15.1...

CVE-2025-49870

CVE-2025-49870 affects WordPress Paid Member Subscriptions (

CVE-2025-49870 WordPress Paid Member Subscriptions plugin <= 2.15.1 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows SQL Injection.This issue affects Paid Member Subscriptions: from n/a through = 2.15.1...

CVE-2025-49870 WordPress Paid Member Subscriptions plugin <= 2.15.1 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows SQL Injection.This issue affects Paid Member Subscriptions: from n/a through = 2.15.1...

WordPress plugin Paid Member Subscriptions SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

CVE-2025-5695

Concluded: CVE-2025-5695 affects Teledyne FLIR AX8 Backend, specifically the subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm paths in /usr/www/application/models/subscriptions.php. Root cause described as command injection that can be triggered remotely over the network; exploitation is d...

Teledyne FLIR AX8 命令注入漏洞

Teledyne FLIR AX8 is a series of thermal surveillance cameras from Teledyne FLIR USA. A command injection vulnerability exists in Teledyne FLIR AX8 version 1.46.16 and earlier, which stems from a command injection in the file /usr/www/application/models/subscriptions.php in the component Backend...

Microsoft Entra Design Lets Guest Users Gain Azure Control, Researchers Say

Researchers reveal how guest accounts with billing roles can create Azure subscriptions inside external tenants, gaining unexpected Owner access and opening hidden privilege risks...

CVE-2024-4006

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions...

CVE-2024-24774

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues...

CVE-2024-32728

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.11.0...

CVE-2024-1389

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmsstripeconnecthandleauthorizationreturn function in all versions up to, and...

CVE-2024-1390

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creatingpricingtablepage function in all versions up to, and including, 2.11.1. Thi...

CVE-2024-56923

Stored Cross-Site Scripting XSS Vulnerability in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.3.1 = 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is achieved by injecting a malicious payload into the Name field of a subscription. The...

CVE-2024-29320

Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php...

CVE-2023-31453

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised ...

CVE-2023-41317

The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when GraphQL Subscriptions are...

CVE-2023-35914

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2...

CVE-2023-34226

In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible...