1088 matches found

Cvelist
added 2024/02/20 6:56 p.m., 31 views

CVE-2024-1389 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up to, and...

5.3 CVSS, 5.4 AI score, 0.00519 EPSS
Exploits 0, References 3

Cvelist
added 2024/02/20 6:56 p.m., 31 views

CVE-2024-1390 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via creating_pricing_table_page

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creating_pricing_table_page function in all versions up to, and including, 2.11.1. Thi...

4.3 CVSS, 4.6 AI score, 0.00538 EPSS
Exploits 0, References 3

CVE
added 2024/02/20 6:56 p.m., 72 views

CVE-2024-1390

CVE-2024-1390 affects the WordPress plugin “Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction.” The vulnerability is a missing capability check in the creating_pricing_table_page function across versions up to 2.11.1, allowing authenticated users wit...

4.3 CVSS, 4.6 AI score, 0.00538 EPSS
Exploits 0, References 3, Affected Software 1

Patchstack
added 2024/02/14 12:0 a.m., 10 views

WordPress Paid Member Subscriptions Plugin <= 2.11.1 is vulnerable to Broken Access Control

Software: Paid Member Subscriptions; Type: Plugin; Vulnerable versions: <= 2.11.1; Fixed in: 2.11.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1390; Patch priority: Low; CVSS severity: Low 4.3; PSID: 6361d41c5a14; Credits: Lucio Sá; Required...

4.3 CVSS, 6.5 AI score, 0.00538 EPSS
Exploits 0, References 4, Affected Software 1

Github Security Blog
added 2024/02/09 3:31 p.m., 34 views

Mattermost Jira Plugin does not properly check security levels

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues...

4.1 CVSS, 7.1 AI score, 0.00456 EPSS
Exploits 0, References 4, Affected Software 1

OSV
added 2024/02/09 3:31 p.m., 8 views

GHSA-QR8F-CJW7-838M Mattermost Jira Plugin does not properly check security levels

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues...

4.8 CVSS, 4 AI score, 0.00456 EPSS
Exploits 0, References 4

NVD
added 2024/02/09 3:15 p.m., 13 views

CVE-2024-24774

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues...

4.1 CVSS, 4 AI score, 0.00456 EPSS
Exploits 0, References 1

OSV
added 2024/02/09 3:15 p.m., 13 views

CVE-2024-24774

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues...

4.1 CVSS, 4.5 AI score
Exploits 0, References 1

Prion
added 2024/02/09 3:15 p.m., 12 views

Design/Logic Flaw

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues...

3.3 CVSS, 7.4 AI score, 0.00456 EPSS
Exploits 0, References 1, Affected Software 1

WPVulnDB
added 2024/01/24 12:0 a.m., 18 views

WooCommerce Subscriptions < 5.8.0 - Missing Authorization

Description: The plugin is vulnerable to unauthorized access of data or modification of data due to a missing capability check on an unknown low-severity function, making it possible for authenticated attackers, with contributor-level access and above, to make use of that function...

6.6 AI score, 0.00353 EPSS
Exploits 0, References 1, Affected Software 1

Patchstack
added 2024/01/17 12:0 a.m., 10 views

WordPress WooCommerce Subscriptions Plugin < 5.8.0 is vulnerable to Broken Access Control

Software: WooCommerce Subscriptions; Type: Plugin; Vulnerable versions: < 5.8.0; Fixed in: 5.8.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-50850; Patch priority: Low; CVSS severity: Low 4.3; PSID: 18ef9f3672af; Credits: Rafie Muhammad...

6.6 AI score, 0.00353 EPSS
Exploits 0, References 1, Affected Software 1

WPVulnDB
added 2024/01/05 12:0 a.m., 19 views

Paid Member Subscriptions < 2.10.5 - Cross-Site Request Forgery via ajax_add_log_entry

Description: The Paid Member Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.4. This is due to missing or incorrect nonce validation on the ajax_add_log_entry function. This makes it possible for unauthenticated attackers to modify...

8.8 CVSS, 6.6 AI score, 0.00227 EPSS
Exploits 0, References 1, Affected Software 1

Patchstack
added 2023/12/27 12:0 a.m., 8 views

WordPress Paid Member Subscriptions Plugin <= 2.10.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Paid Member Subscriptions; Type: Plugin; Vulnerable versions: <= 2.10.4; Fixed in: 2.10.5; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-51522; Patch priority: Low; CVSS severity: Low 4.3; PSID: 89f9209574c0; Credits: Brandon...

8.8 CVSS, 6.6 AI score, 0.00227 EPSS
Exploits 0, References 2, Affected Software 1

OSV
added 2023/12/20 4:15 p.m., 2 views

CVE-2023-35914

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions. This issue affects Woo Subscriptions: from n/a through 5.1.2...

7.5 CVSS, 7.3 AI score, 0.00574 EPSS
Exploits 0, References 1

NVD
added 2023/12/20 4:15 p.m., 15 views

CVE-2023-35914

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions. This issue affects Woo Subscriptions: from n/a through 5.1.2...

7.5 CVSS, 0.00574 EPSS
Exploits 0, References 1

Prion
added 2023/12/20 4:15 p.m., 26 views

Authorization

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions. This issue affects Woo Subscriptions: from n/a through 5.1.2...

5 CVSS, 7.2 AI score, 0.00574 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2023/12/20 3:18 p.m., 23 views

CVE-2023-35914 WordPress WooCommerce Subscriptions Plugin <= 5.1.2 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions. This issue affects Woo Subscriptions: from n/a through 5.1.2...

7.5 CVSS, 7.8 AI score, 0.00574 EPSS
Exploits 0, References 1

CVE
added 2023/12/20 3:18 p.m., 50 views

CVE-2023-35914

CVE-2023-35914 (WooCommerce Subscriptions) is an IDOR-type vulnerability in the plugin’s

7.5 CVSS, 7.8 AI score, 0.00574 EPSS
Exploits 0, References 1, Affected Software 1

CNNVD
added 2023/12/20 12:0 a.m., 3 views

WordPress Plugin Woo Subscriptions Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Woo...

7.5 CVSS, 6.6 AI score, 0.00574 EPSS
Exploits 0, References 3

Positive Technologies
added 2023/12/20 12:0 a.m., 4 views

PT-2023-25379 · Woocommerce · Woocommerce Subscriptions

Name of the Vulnerable Software and Affected Versions: WooCommerce Woo Subscriptions versions prior to 5.1.3
Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This vulnerability affects WooCommerce Woo Subscriptions, allowing unauthorized...

7.5 CVSS, 7.7 AI score, 0.00574 EPSS
Exploits 0, References 5