QwikSec

Security Database

CVE

CWE

Training

CVE-2022-27629

Published: Apr 20, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership' versions prior to 1.9.6 allows a remote unauthenticated attacker to hijack the authentication of an administrator and perform unintended operation via unspecified vectors.

Vendor	Product	Versions
VideoWhisper	MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership	affected `versions prior to 1.9.6`

References

https://plugins.trac.wordpress.org/changeset?new=2362275%40paid-membership&old=2345274%40paid-membership

x_refsource_MISC

https://wordpress.org/plugins/paid-membership/

x_refsource_MISC

https://jvn.jp/en/jp/JVN31606885/index.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.