13 matches found
WordPress WP eCommerce plugin <= 3.15.1 - Coupon Deletion via CSRF vulnerability
Coupon Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP eCommerce versions = 3.15.1...
CVE-2026-1128 WP eCommerce <= 3.15.1 - Coupon Deletion via CSRF
The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF check in place when deleting coupons, which could allow attackers to make a logged in admin remove them via a CSRF attack...
CVE-2026-1128
The CVE describes a CSRF vulnerability in the WP eCommerce WordPress plugin up to version 3.15.1, where no CSRF check is performed when deleting coupons. Root cause: absence of CSRF protection in the coupon deletion flow. Affected software: WordPress plugin WP eCommerce (versions ≤ 3.15.1). Impac...
CVE-2026-1128 WP eCommerce <= 3.15.1 - Coupon Deletion via CSRF
The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF check in place when deleting coupons, which could allow attackers to make a logged in admin remove them via a CSRF attack...
WordPress plugin WP eCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-23650
The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF check in place when deleting coupons, which could allow attackers to make a logged in admin remove them via a CSRF attack...
CVE-2025-13628
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability check on the 'bulkactionhandler' and 'couponpermanentdelete' functions in all versions up to, and including, 3.9.3. This makes it...
CVE-2025-13628
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability check on the 'bulkactionhandler' and 'couponpermanentdelete' functions in all versions up to, and including, 3.9.3. This makes it...
CVE-2025-13628 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon Modification
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability check on the 'bulkactionhandler' and 'couponpermanentdelete' functions in all versions up to, and including, 3.9.3. This makes it...
CVE-2025-13628 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon Modification
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability check on the 'bulkactionhandler' and 'couponpermanentdelete' functions in all versions up to, and including, 3.9.3. This makes it...
PT-2026-1705
Name of the Vulnerable Software and Affected Versions Tutor LMS versions up to and including 3.9.3 Description The Tutor LMS plugin for WordPress is affected by a flaw that allows unauthorized modification and deletion of data. This is due to a missing capability check in the bulk action handler...
WordPress WP eStore plugin < 8.5.5 - Coupon Deletion via CSRF vulnerability
Coupon Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP eStore versions 8.5.5...
CVE-2024-6075 WP eStore < 8.5.5 - Coupon Deletion via CSRF
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...