1088 matches found
CVE-2023-23629
Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboard subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a...
CVE-2023-51522
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions. This issue affects Paid Member Subscriptions: from n/a through 2.10.4...
CVE-2022-2498
An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author...
CVE-2021-24728
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages...
CVE-2013-1829
calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the student role...
CVE-2012-6106
calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar object...
PT-2025-16940 · Undefined · Undefined
CVE-2025-4162026 Security Advisory https://t.co/BNN9CFmeav Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x...
A vulnerability in the “Subscriptions” module of the GraphQL API of GitLab, a Git-based platform for collaborative code development, allows attackers to circumvent security restrictions and gain unauthorized access to protected information.
A vulnerability in the “Subscriptions” module of the GraphQL API of GitLab, a Git-based platform for collaborative code development, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to bypass security restrictions and gain...
PT-2025-16279 · Autogpt · Autogpt
Name of the Vulnerable Software and Affected Versions: AutoGPT versions prior to 0.6.1 Description: The AutoGPT Platform's WebSocket API transmitted node execution updates to subscribers based on the graph id+graph version. However, there was no check prohibiting users from subscribing with anoth...
Shopware security vulnerability
Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware versions prior to 6.6.10.3 and prior to 6.5.8.17, which stems from a default setting that allows unconfirmed bulk news subscriptions...
CVE-2025-31088
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Paid Member Subscriptions (paid-member-subscriptions) allows Stored XSS. This issue affects Paid Member Subscriptions: from n/a through <= 2.14.3...
CVE-2025-30900
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zoho Subscriptions Zoho Billing – Embed Payment Form allows Stored XSS. This issue affects Zoho Billing – Embed Payment Form: from n/a through 4.0...
WordPress Paid Member Subscriptions plugin <= 2.14.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Paid Member Subscriptions versions <= 2.14.3...
CVE-2025-31088 WordPress Paid Member Subscriptions plugin <= 2.14.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Paid Member Subscriptions (paid-member-subscriptions) allows Stored XSS. This issue affects Paid Member Subscriptions: from n/a through <= 2.14.3...
CVE-2025-31088
CVE-2025-31088 is a stored XSS in Paid Membership Subscriptions (WordPress) caused by improper input neutralization during web page generation. Affected: Paid Membership Subscriptions up to version 2.14.3 (no fixed version specified in the provided docs). The description indicates stored XSS rath...
WordPress plugin Paid Member Subscriptions cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
CVE-2025-30900
CVE-2025-30900 describes a stored cross-site scripting vulnerability in Zoho Subscriptions – Zoho Billing Embed Payment Form. The issue is caused by improper neutralization of input during web page generation, allowing an attacker to inject malicious scripts that are stored and later executed in ...