EUVD-2025-10841

Malicious code in bioql PyPI...

CVE-2024-1286

The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site...

CVE-2022-28978

Stored cross-site scripting XSS vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject...

CVE-2022-2317

The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter...

BIT-MOODLE-2024-43433 Moodle: matrix user/power level management not always working as expected with suspended users

A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users...

CVE-2025-3282 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationmembershipregistermember due to missing validation on the...

CVE-2024-8520

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the admininit or...

CVE-2024-1286

The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site...

CVE-2024-25149

Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled,...

GHSA-7M65-HMVG-RXPC Liferay Portal and Liferay DXP Vulnerable to XSS in the Site Module

Stored cross-site scripting XSS vulnerability in the Site module's user membership administration page in Liferay Site Memberships Web before 5.0.10 from Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before...

CVE-2022-28978

Stored cross-site scripting XSS vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject...

Cross site scripting

Stored cross-site scripting XSS vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject...

CVE-2022-28978

Stored cross-site scripting XSS vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject...

CVE-2022-28978

Stored cross-site scripting XSS vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject...

PT-2022-19338 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.0.1 through 7.4.1 Liferay DXP 7.0 before fix pack 102 Liferay DXP 7.1 before fix pack 26 Liferay DXP 7.2 before fix pack 15 Liferay DXP 7.3 before service pack 3 Description: A stored cross-site scripting XSS issue i...

Account Takeover (ATO)

Pageflow is vulnerable to account takeover ATO. An insecure direct object reference is possible due to improper restriction to the user membership base object. An attacker with the manager role can modify any users memberships, resulting in account takeover...

Design/Logic Flaw

Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions the Deck application didn't properly check membership of users in a Circle. This allowed other users in the instance to gain access t...

Group Picker Should Not Listed All Groups

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-26600. panel Confluence will display all groups registered on it when users access any group picker and put value as its search...