PT-2024-20726 · Softing · Softing Uatoolkit Embedded

Name of the Vulnerable Software and Affected Versions: Softing uaToolkit Embedded versions prior to 1.41.1 Description: An issue was discovered in Softing uaToolkit Embedded. When a subscription with a very low MaxNotificationPerPublish parameter is created, a publish response is mishandled,...

Paid Memberships Pro < 3.0 - Cross-Site Request Forgery

Description The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmproliftersavestreamlineoption...

CVE-2024-28847 SpEL Injection in `PUT /api/v1/events/subscriptions` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, AlertUtil::validateExpression is also called from EventSubscriptionRepository.prepare,...

CVE-2023-51522

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.10.4...

CVE-2023-51522

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.10.4...

CVE-2023-51522 WordPress Paid Membership Subscriptions plugin <= 2.10.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.10.4...

CVE-2023-51522 WordPress Paid Membership Subscriptions plugin <= 2.10.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.10.4...

CVE-2023-51522

CVE-2023-51522 is a CSRF vulnerability in the Cozmoslabs Paid Member Subscriptions WordPress plugin, affecting version 2.10.4 and earlier. Evidence from NVD confirms a CSRF issue impacting Paid Member Subscriptions, and PT Security notes that for versions 2.10.4 and earlier the fix is to update t...

WordPress Plugin Paid Membership Subscriptions Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

OpenMetadata Security Vulnerabilities

OpenMetadata is a unified discovery, observability and governance platform powered by a central metadata repository, deep along and seamless team collaboration. A security vulnerability exists in OpenMetadata versions prior to 1.2.4 that stems from a SpEL injection vulnerability in PUT...

PT-2024-14176 · Cozmoslabs · Cozmoslabs Paid Member Subscriptions

Name of the Vulnerable Software and Affected Versions: Cozmoslabs Paid Member Subscriptions versions 2.10.4 and earlier Description: A Cross-Site Request Forgery CSRF issue affects Cozmoslabs Paid Member Subscriptions. This issue allows an attacker to perform unintended actions on a user's accoun...

BIT-GITLAB-2020-13346

Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API...

BIT-GITLAB-2022-1680

An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature available only on Premium+...

BIT-MOODLE-2021-36400

In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions...

BIT-MATTERMOST-2024-24774

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues...

CVE-2024-1389

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmsstripeconnecthandleauthorizationreturn function in all versions up to, and...

CVE-2024-1390

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creatingpricingtablepage function in all versions up to, and including, 2.11.1. Thi...

CVE-2024-1390

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creatingpricingtablepage function in all versions up to, and including, 2.11.1. Thi...

WordPress Plugin Paid Membership Subscriptions Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Plugin Paid Membership Subscriptions Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...