3 matches found
EUVD-2026-11553
A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization memberships of other users. This information disclosure occurs if the attacker knows the victim'...
CVE-2025-4610
CVE-2025-4610 affects the WP-Members Membership Plugin for WordPress (versions up to and including 3.5.2). The vulnerability is a Stored Cross-Site Scripting (XSS) via the wpmem_user_memberships shortcode caused by insufficient input sanitization and output escaping of user-provided attributes. E...
CVE-2024-1407
CVE-2024-1407 affects Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions for WordPress. The CSRF vulnerability exists in all versions up to 2.12.10 due to missing/incorrect nonce validation, allowing unauthenticated attackers to subscribe, modify, or cancel member...