Lucene search
+L

344 matches found

Cvelist
Cvelist
added 2024/10/16 2:5 a.m.24 views

CVE-2024-8541 Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons <= 2.6.5 - Reflected Cross-Site Scripting

The Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.6.5. Th...

4.7CVSS0.004EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/16 12:0 a.m.3 views

WordPress plugin Discount Rules for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.3CVSS6.7AI score0.00339EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/10/15 1:5 p.m.3 views

WordPress Discount Rules for WooCommerce plugin <= 2.6.5 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Discount Rules for WooCommerce versions = 2.6.5...

6.1CVSS6.3AI score0.004EPSS
Exploits0References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-36834

The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute various actions...

6.3CVSS5.9AI score0.00339EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/15 12:0 a.m.5 views

PT-2024-10844 · WordPress · Discount Rules For Woocommerce

Name of the Vulnerable Software and Affected Versions: Discount Rules for WooCommerce plugin for WordPress versions up to, and including, 2.0.2 Description: The issue is related to missing authorization via several AJAX actions due to missing capability checks on various functions. This allows...

6.3CVSS7.5AI score0.00339EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/10/15 12:0 a.m.2 views

WordPress plugin Discount Rules for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS6AI score0.004EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/09/07 12:0 a.m.6 views

Simple Invoice Generator System SQL注入漏洞

Simple Invoice Generator System is a simple invoice generator system by Carlo Montero Personal Developer. A SQL injection vulnerability exists in Simple Invoice Generator System version 1.0, which originates in the invoicecode/customer/cashier/totalamount/discountpercentage of the /saveinvoice.ph...

8.8CVSS7AI score0.00415EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/09/06 1:2 p.m.15 views

CVE-2024-45300 Bypassing promo code limitations with race conditions

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times. In "alf.io", an event organizer can apply...

7.5CVSS7AI score0.0042EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/09/06 12:0 a.m.5 views

alf.io 安全漏洞

Alf.io is a free and open source event attendance management system open-sourced by Alf.io. A security vulnerability exists in versions of alf.io prior to 2.0-M5, which stems from a race condition that could allow a user to bypass the quantity limit of a promotional code and use a discount coupon...

7.5CVSS6.8AI score0.0042EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2024/08/21 12:0 a.m.11 views

The vulnerability of the `promotion_discount` parameter in the Netcat Netshop CMS system allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the promotiondiscount parameter in the Netcat NetShop CMS system relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

9CVSS5.7AI score
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/07/27 12:0 a.m.3 views

WordPress plugin ParityPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.5CVSS6.4AI score0.00334EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/27 12:0 a.m.4 views

PT-2024-37784 · WordPress · Paritypress – Parity Pricing With Discount Rules

Name of the Vulnerable Software and Affected Versions: The ParityPress – Parity Pricing with Discount Rules plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the...

5.5CVSS5.9AI score0.00334EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/07/16 12:0 a.m.8 views

PT-2024-5686 · Netcat · Netcat Netshop Cms

Name of the Vulnerable Software and Affected Versions: Netcat Netshop CMS affected versions not specified Description: The issue is related to the promotion discount parameter in the Netcat Netshop CMS system, which is vulnerable to cross-site request forgery. This could allow a remote attacker t...

9CVSS7.5AI score
Exploits0References2
Cvelist
Cvelist
added 2024/07/15 6:0 a.m.41 views

CVE-2024-6073 WP eStore < 8.5.5 - Reflected XSS in Discount Editing

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

0.00317EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/07/15 6:0 a.m.13 views

CVE-2024-6073 WP eStore < 8.5.5 - Reflected XSS in Discount Editing

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1AI score0.00317EPSS
Exploits1References1
OSV
OSV
added 2024/06/15 12:0 a.m.11 views

OPENSUSE-SU-2024:10718-1 discount-2.2.7-1.3 on GA media

These are all security issues fixed in the discount-2.2.7-1.3 package on the GA media of openSUSE Tumbleweed...

5.5CVSS5.5AI score0.01785EPSS
Exploits2References2
OSV
OSV
added 2024/06/08 8:15 a.m.4 views

CVE-2024-4468

The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admininit in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...

5.4CVSS5.8AI score0.00385EPSS
Exploits0References9
NVD
NVD
added 2024/06/08 8:15 a.m.27 views

CVE-2024-4468

The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admininit in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...

5.4CVSS0.00385EPSS
Exploits0References9
CVE
CVE
added 2024/06/08 7:37 a.m.57 views

CVE-2024-4468

CVE-2024-4468 concerns the Salon Booking System plugin for WordPress. The issue arises from a missing capability check on functions hooked into admin_init, allowing authenticated users with subscriber access or higher to modify plugin settings and view discount codes intended for other users. Aff...

5.4CVSS4.7AI score0.00385EPSS
Exploits0References9Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/08 7:37 a.m.15 views

CVE-2024-4468 Salon booking system <= 9.9 - Missing Authorization

The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admininit in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...

4.3CVSS6.4AI score0.00385EPSS
Exploits0References9
Rows per page
Query Builder