WooCommerce Subscriptions < 2.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS)
An unauthenticated user could put an XSS payload in their billing details when subscribing, which will then be executed in the admin dashboard when moused over...
CVE-2019-18834
Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCSAdminPostTypes in class-wcs-admin-post-types.php...
Cross site scripting
Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCSAdminPostTypes in class-wcs-admin-post-types.php...
CVE-2019-18834
CVE-2019-18834 affects the WordPress plugin WooCommerce Subscriptions (pre-2.6.3). The vulnerability is a persistent cross-site scripting (XSS) flaw caused by mishandling of Billing Details in WCS_Admin_Post_Types (class-wcs-admin-post-types.php), allowing remote attackers to execute arbitrary Ja...
HPSBHF03675 rev. 1 - Synaptics® Fingerprint Drivers that use SGX
Potential Security Impact: Arbitrary Code Execution. Source: HP, HP Product Security Response Team (PSRT). Reported By: Synaptics®. VULNERABILITY SUMMARY: Synaptics has notified HP of a potential security vulnerability in certain versions of Synaptics Fingerprint Sensor Drivers using Intel® Software...
GHSA-W42G-7VFC-XF37 Introspection in schema validation in Apollo Server
We encourage all users of Apollo Server to read this advisory in its entirety to understand the impact. The Resolution section contains details on patched versions. Impact: If subscriptions: false is passed to the ApolloServer constructor options, there is no impact. If implementors were not...
Introspection in schema validation in Apollo Server
We encourage all users of Apollo Server to read this advisory in its entirety to understand the impact. The Resolution section contains details on patched versions. Impact: If subscriptions: false is passed to the ApolloServer constructor options, there is no impact. If implementors were not...
Description of Update Rollup 5 for System Center 2012 R2 Operations Manager
Introduction: This article describes the issues that are fixed in Update Rollup 5 for Microsoft System Center 2012 R2 Operations Manager. This article also contains the installation instructions for Update Rollup 5 for...
Virtual machines don't respond to your operation in SCVMM in Windows Server 2012 R2
This article describes an issue in which virtual machines (VM) don't respond to your operation in System Center 2012 R2 Virtual Machine Manager (SCVMM) in Windows Server 2012 R2. Before you install this update, see th...
Woocommerce Subscriptions < 3.0.3 - CSRF to Cancel/Re-Activate Subscription
During a blog assessment, we identified a CSRF issue in the Woocommerce Subscriptions plugin, which could allow attackers to cancel and re-activate a logged in user's subscription. Even though the wpnonce parameter was needed in the request, its value was not verified, allowing an empty value to ...
Nextcloud Server < 15.0.14, 16.x < 16.0.7, 17.x < 17.0.2 SSRF Vulnerability (NC-SA-2020-014)
Nextcloud Server is prone to a server-side request forgery (SSRF) protection bypass vulnerability in calendar subscriptions. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
New 'Haken' Malware Found On Eight Apps In Google Play Store
Researchers have identified eight malicious Android apps in the official Google Play marketplace distributing a new malware family. The “Haken” malware exfiltrates sensitive data from victims and covertly signs them up for expensive premium subscription services. The eight apps in question, which...
Nord Security: Past payments using the Direct Debit method keep subscriptions active even if payments fail
I think this is a vulnerability that has no impact but it violates I found many accounts that are actively subscribed even though the payment failed, this is because the payment uses the Direct Debit method, and you have deleted it. Because Direct Debit payments have been deleted and no longer wo...
New Relic: Ability to buy PRO subscriptions by arbitrary reduced prices
Hey team, I've found that a malicious user can buy PRO subscriptions by arbitrarily reduced prices. Steps to reproduce 0 Make sure you have an account without subscriptions at APM PRO bought. If you don't – register a new one. It works for me inside the EU accounts at least. 1 Sign in this accoun...
MTN Group: OTP bypass - Unintended disclosure of OTP to client allows attacker to manage users' subscriptions
Summary: https://play.mtn.co.za/ authenticates subscribers via OTP before their subscriptions to be changed. However, the request which sends the OTP also returns the OTP in the network response, allowing an attacker to manage a user's subscriptions. Steps To Reproduce: 1. Visit...
Unwanted notifications in browser
When, back in 2015, push notifications were just appearing in browsers, very few people wondered how this tool would be used in the future: once a useful technology made to keep regular readers informed about updates, today it is often used to shell website visitors with unsolicited ads. To achie...
CVE-2012-1160
Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php...
CVE-2012-1160
Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php. Versions 2.2 to 2.2.1+, 2.1 to 2.1.4+ affected...