3 matches found
CVE-2025-13628 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon Modification
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability check on the 'bulkactionhandler' and 'couponpermanentdelete' functions in all versions up to, and including, 3.9.3. This makes it...
AWS VDP: Unlimited Reuse of Coupon Code Allows Free Shipping on All Orders on ██████████
A vulnerability was found in the coupon code system of the ██████████ online store. The coupon code for free shipping could be used multiple times on any number of orders without any restrictions or tracking. This allowed users to bypass shipping charges indefinitely, resulting in a direct...
PT-2024-34381 · Crmeb · Crmeb
Name of the Vulnerable Software and Affected Versions: CRMEB versions prior to 5.4.0. Description: The issue allows users to bypass the front-end restriction of only being able to claim coupons once. This can be achieved by capturing packets and sending a large number of data packets for coupon...