Vulnerabilities and security researches forleaky-paywall leaky-paywall

Jun 06, 2024

CVE, Research URL: CVE-2021-39357
Home page URL: Security reports for Leaky Paywall
Application: Leaky Paywall
Date: Oct 22, 2021
Research Description: The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the ~/class.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.16.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-33594
Home page URL: Security reports for Leaky Paywall
Application: Leaky Paywall
Date: Apr 29, 2024
Research Description: Missing Authorization vulnerability in Leaky Paywall.This issue affects Leaky Paywall: from n/a through 4.20.8.
Affected versions: Min -, max -.
Status: vulnerable

Jul 12, 2024

CVE, Research URL: CVE-2024-37540
Home page URL: Security reports for Leaky Paywall
Application: Leaky Paywall
Date: Jan 02, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Leaky Paywall Leaky Paywall allows Cross Site Request Forgery.This issue affects Leaky Paywall: from n/a through 4.21.2.
Affected versions: Min -, max -.
Status: vulnerable

Apr 03, 2025

CVE, Research URL: CVE-2025-31083
Home page URL: Security reports for Leaky Paywall
Application: Leaky Paywall
Date: Mar 28, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZEEN101 Leaky Paywall allows Stored XSS. This issue affects Leaky Paywall: from n/a through 4.21.7.
Affected versions: Min -, max -.
Status: vulnerable