34 matches found
CVE-2026-1371 Tutor LMS <= 3.9.5 - Authenticated (Subscriber+) Information Disclosure in Coupon Details via 'tutor_coupon_details' AJAX Action
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the ajaxcoupondetails function, which only validates nonces but does not verify use...
PT-2025-45100
Name of the Vulnerable Software and Affected Versions: FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce versions up to and including 3.6.4.1. Description: The software contains a flaw that allows unauthenticated attackers to extract sensitive data, including...
EUVD-2024-32437
Malicious code in bioql PyPI...
EUVD-2025-10102
Malicious code in bioql PyPI...
EUVD-2025-27990
Malicious code in bioql PyPI...
EUVD-2022-24855
Malicious code in bioql PyPI...
CVE-2025-41441
Mailform Pro CGI prior to 4.3.4 generates error messages containing sensitive information, which may allow a remote unauthenticated attacker to obtain coupon codes. This vulnerability only affects products that use the coupon feature...
CVE-2025-41441
CVE-2025-41441 affects Mailform Pro CGI versions prior to 4.3.4. The vulnerability stems from error messages that disclose sensitive information (CWE-209), which may allow a remote unauthenticated attacker to obtain coupon codes in systems that enable the coupon feature. Impact is limited to prod...
Mailform Pro CGI generating error messages containing sensitive information
Overview: Mailform Pro CGI provided by SYNCK GRAPHICA contains a vulnerability listed below. Generation of error message containing sensitive information (CWE-209) - CVE-2025-41441. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
PT-2025-22903 · Unknown · Mailform Pro Cgi
Name of the Vulnerable Software and Affected Versions: Mailform Pro CGI versions prior to 4.3.4 Description: The issue allows a remote unauthenticated attacker to obtain coupon codes due to error messages containing sensitive information. This only affects products that use the coupon feature...
JVN#39546799: Mailform Pro CGI generating error messages containing sensitive information
Mailform Pro CGI provided by SYNCK GRAPHICA contains a vulnerability listed below. Generation of error message containing sensitive information (CWE-209). CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N, Base Score 6.3. CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N, Base Score 3.7...
CVE-2024-3869
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommercejsonsearchcoupons' function. This makes it possible for attackers with subscriber level access to view coupon codes...
CVE-2022-1563
The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL...
CVE-2025-27435
Under specific conditions and prerequisites, an unauthenticated attacker could access customer coupon codes exposed in the URL parameters of the Coupon Campaign URL in SAP Commerce. This could allow the attacker to use the disclosed coupon code, hence posing a low impact on confidentiality and...
CVE-2025-27435 Information Disclosure Vulnerability in SAP Commerce Cloud
Under specific conditions and prerequisites, an unauthenticated attacker could access customer coupon codes exposed in the URL parameters of the Coupon Campaign URL in SAP Commerce. This could allow the attacker to use the disclosed coupon code, hence posing a low impact on confidentiality and...
CVE-2024-33003
Some OCC API endpoints in SAP Commerce Cloud allow Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a Hi...
CVE-2024-33003
CVE-2024-33003 affects SAP Commerce Cloud via the OCC API Endpoint component. The root issue is that certain OCC API endpoints may include PII (passwords, emails, mobile numbers, coupon/voucher codes) in the request URL as query or path parameters, leading to potential disclosure and integrity im...