344 matches found
CVE-2024-8541 Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons <= 2.6.5 - Reflected Cross-Site Scripting
The Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.6.5. Th...
WordPress plugin Discount Rules for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Discount Rules for WooCommerce plugin <= 2.6.5 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Discount Rules for WooCommerce versions = 2.6.5...
VulnCheck KEV: CVE-2020-36834
The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute various actions...
PT-2024-10844 · WordPress · Discount Rules For Woocommerce
Name of the Vulnerable Software and Affected Versions: Discount Rules for WooCommerce plugin for WordPress versions up to, and including, 2.0.2 Description: The issue is related to missing authorization via several AJAX actions due to missing capability checks on various functions. This allows...
WordPress plugin Discount Rules for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Simple Invoice Generator System SQL注入漏洞
Simple Invoice Generator System is a simple invoice generator system by Carlo Montero Personal Developer. A SQL injection vulnerability exists in Simple Invoice Generator System version 1.0, which originates in the invoicecode/customer/cashier/totalamount/discountpercentage of the /saveinvoice.ph...
CVE-2024-45300 Bypassing promo code limitations with race conditions
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times. In "alf.io", an event organizer can apply...
alf.io 安全漏洞
Alf.io is a free and open source event attendance management system open-sourced by Alf.io. A security vulnerability exists in versions of alf.io prior to 2.0-M5, which stems from a race condition that could allow a user to bypass the quantity limit of a promotional code and use a discount coupon...
The vulnerability of the `promotion_discount` parameter in the Netcat Netshop CMS system allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the promotiondiscount parameter in the Netcat NetShop CMS system relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
WordPress plugin ParityPress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-37784 · WordPress · Paritypress – Parity Pricing With Discount Rules
Name of the Vulnerable Software and Affected Versions: The ParityPress – Parity Pricing with Discount Rules plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the...
PT-2024-5686 · Netcat · Netcat Netshop Cms
Name of the Vulnerable Software and Affected Versions: Netcat Netshop CMS affected versions not specified Description: The issue is related to the promotion discount parameter in the Netcat Netshop CMS system, which is vulnerable to cross-site request forgery. This could allow a remote attacker t...
CVE-2024-6073 WP eStore < 8.5.5 - Reflected XSS in Discount Editing
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-6073 WP eStore < 8.5.5 - Reflected XSS in Discount Editing
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
OPENSUSE-SU-2024:10718-1 discount-2.2.7-1.3 on GA media
These are all security issues fixed in the discount-2.2.7-1.3 package on the GA media of openSUSE Tumbleweed...
CVE-2024-4468
The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admininit in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...
CVE-2024-4468
The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admininit in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...
CVE-2024-4468
CVE-2024-4468 concerns the Salon Booking System plugin for WordPress. The issue arises from a missing capability check on functions hooked into admin_init, allowing authenticated users with subscriber access or higher to modify plugin settings and view discount codes intended for other users. Aff...
CVE-2024-4468 Salon booking system <= 9.9 - Missing Authorization
The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admininit in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...