WordPress Reviewify plugin <= 1.0.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary WooCommerce Coupon Creation vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary WooCommerce Coupon Creation vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Reviewify versions = 1.0.6...

PT-2025-6540 · WordPress · Scratch & Win – Giveaways/Contests

Name of the Vulnerable Software and Affected Versions: Scratch & Win – Giveaways and Contests plugin for WordPress versions up to, and including, 2.8.0 Description: The issue is related to a missing capability check on the apmswn create discount function, allowing unauthorized access. This enable...

WordPress Scratch & Win – Giveaways and Contests plugin <= 2.8.0 - Missing Authorization to Unauthenticated Coupon Creation vulnerability

Missing Authorization to Unauthenticated Coupon Creation vulnerability discovered by Peter Thaleikis in WordPress Plugin Scratch & Win – Giveaways and Contests versions = 2.8.0...

Exploit for Cross-Site Request Forgery (CSRF) in Creativeitem Academy_Lms

CVE-2022-47130 Academy LMS = 5.10 CSRF Description Acad...

WordPress Smart Online Order for Clover plugin <= 1.5.5 - CSRF Leading to Coupon Creation/Modification vulnerability

CSRF Leading to Coupon Creation/Modification vulnerability discovered by thiennv Patchstack Alliance in WordPress Plugin Smart Online Order for Clover versions = 1.5.5...