Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions.
Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 versions.
The Simple Membership plugin for WordPress is vulnerable to Improper Handling of Missing Values in all versions up to, and including, 4.7.0 via the Stripe webhook handler. This is due to the plugin on
The Simple Membership plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.7.5. This is due to the plugin not properly verifying that a user is authorized
The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to miss
Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.
Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a befo
Subscriber Broken Access Control in myCred <= 3.0.3 versions.
Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP <= 4.6.19 versions.
The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers contai
Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions.
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
Unauthenticated Bypass Vulnerability in Stripe Payments <= 2.0.98 versions.
The Accept Stripe Payments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's accept_stripe_payment_ng shortcode in all versions up to, and including, 2.0.86 due to ins
Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions.
The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler (`handle_one_time_stripe
Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions.
The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwap_login_request_callback
Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions.
Subscriber Broken Access Control in Amelia <= 2.2 versions.
Page 1+ Next →