WordPress Paid Membership Subscriptions plugin <= 2.13.7 - Authentication Bypass via pms_payment_id vulnerability

Authentication Bypass via pmspaymentid vulnerability discovered by wesley wcraft in WordPress Plugin Paid Member Subscriptions versions = 2.13.7...

CVE-2023-50850

Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a before 5.8.0...

CVE-2023-50850

Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a before 5.8.0...

CVE-2023-50850 WordPress Woo Subscriptions plugin < 5.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a before 5.8.0...

CVE-2023-50850 WordPress Woo Subscriptions plugin < 5.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a before 5.8.0...

WordPress plugin WooCommerce Subscriptions 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin... WordPress plugin...

PT-2024-13977 · Woocommerce · Woocommerce Subscriptions

Name of the Vulnerable Software and Affected Versions: WooCommerce Subscriptions versions prior to 5.8.0 Description: The issue is related to a Missing Authorization vulnerability in Woo WooCommerce Subscriptions, allowing exploitation of incorrectly configured access control security levels...

CVE-2024-52294 khoj has an IDOR in subscription management that allows unauthorized subscription modifications

Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference IDOR vulnerability in the updatesubscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the...

Authorization Bypass Through User-Controlled Key

Overview khoj is a Your Second Brain Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the updatesubscription endpoint. An authenticated attacker can modify other users' Stripe subscriptions by manipulating the email parameter in the...

khoj has an IDOR in subscription management allows unauthorized subscription modifications

Summary An Insecure Direct Object Reference IDOR vulnerability in the updatesubscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the request. Details The vulnerability exists in the subscription endpoint at...

CVE-2024-11291

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated...

CVE-2024-11291

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated...

CVE-2024-11291

CVE-2024-11291 affects the Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress. The vulnerability enables Sensitive Information Exposure through the WordPress core search feature, allowing unauthenticated attackers to extract restr...

WordPress plugin Paid Membership Subscriptions 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

CVE-2024-11683 Newsletter Subscriptions <= 2.1 - Reflected Cross-Site Scripting

The Newsletter Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tokentype' parameter in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2024-11683 Newsletter Subscriptions <= 2.1 - Reflected Cross-Site Scripting

The Newsletter Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tokentype' parameter in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

WordPress Newsletter Subscriptions plugin <= 2.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Newsletter Subscriptions versions = 2.1...

WordPress plugin Newsletter Subscriptions 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

CVE-2024-11205

The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpformsisadminpage' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authenticated attackers, with Subscriber-level acces...

CVE-2024-11205

The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpformsisadminpage' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authenticated attackers, with Subscriber-level acces...