Lucene search
+L

126 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-8762

Malicious code in bioql PyPI...

6.5CVSS8.7AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-28208

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00124EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-24962

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00456EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-29927

Malicious code in bioql PyPI...

4.3CVSS6.4AI score0.00205EPSS
Exploits0References1
NVD
NVD
added 2025/08/15 3:15 a.m.7 views

CVE-2025-6025

The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the data-tip attribute, which makes it possible for unauthenticated attackers to apply an...

7.5CVSS0.00456EPSS
Exploits0References4
CVE
CVE
added 2025/08/15 2:24 a.m.32 views

CVE-2025-6025

CVE-2025-6025 concerns the Order Tip for WooCommerce plugin (WordPress) with unauthenticated input validation failure on the data-tip attribute, affecting all versions up to 1.5.4. The issue enables callers to submit tip values (including negative amounts) that can yield unauthorized discounts, p...

7.5CVSS7AI score0.00456EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/08/15 2:24 a.m.3 views

CVE-2025-6025 Order Tip for WooCommerce <= 1.5.4 - Unauthenticated Tip Manipulation to Negative Value Leading to Unauthorized Discounts

The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the data-tip attribute, which makes it possible for unauthenticated attackers to apply an...

7.5CVSS7AI score0.00456EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/08/15 2:24 a.m.11 views

CVE-2025-6025 Order Tip for WooCommerce <= 1.5.4 - Unauthenticated Tip Manipulation to Negative Value Leading to Unauthorized Discounts

The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the data-tip attribute, which makes it possible for unauthenticated attackers to apply an...

7.5CVSS0.00456EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/15 12:0 a.m.4 views

WordPress plugin Order Tip for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

7.5CVSS6.7AI score0.00456EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 11:59 a.m.5 views

CVE-2025-24625

Missing Authorization vulnerability in Naked Cat Plugins Taxonomy/Term and Role based Discounts for WooCommerce taxonomy-discounts-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taxonomy/Term and Role based Discounts for WooCommerce: from n/...

4.3CVSS7.3AI score0.00461EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:27 a.m.5 views

CVE-2024-12160

The Seraphinite Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6.4AI score0.0038EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 p.m.7 views

CVE-2021-4353

The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export function which makes makes it possible for unauthenticated attackers to export the plugin...

5.3CVSS5.9AI score0.00588EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:35 p.m.9 views

CVE-2020-9587

Magento versions 2.3.4 and earlier, 2.2.11 and earlier see note, 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts...

7.5CVSS6.7AI score0.05009EPSS
Exploits0References1
CVE
CVE
added 2025/05/19 2:55 p.m.34 views

CVE-2025-48342

CVE-2025-48342 is a CSRF vulnerability in the WordPress plugin Dynamic Pricing & Discounts Lite for WooCommerce , affecting versions up to 2.0.3 (vendor:RedefiningTheWeb). The issue allows unauthorized actions via CSRF. The public sources in the provided documents indicate a patch/version fix at ...

5.4CVSS5.1AI score0.00124EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/19 2:55 p.m.15 views

CVE-2025-48342 WordPress Dynamic Pricing & Discounts Lite for WooCommerce plugin <= 2.0.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in RedefiningTheWeb Dynamic Pricing & Discounts Lite for WooCommerce woo-dynamic-pricing-discounts-lite allows Cross Site Request Forgery.This issue affects Dynamic Pricing & Discounts Lite for WooCommerce: from n/a through = 2.0.4...

5.4CVSS0.00124EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/19 12:0 a.m.5 views

WordPress plugin Dynamic Pricing & Discounts Lite for WooCommerce 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...

5.4CVSS5.5AI score0.00124EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/31 2:6 p.m.4 views

WordPress Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin <= 4.0.3 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Quantity Dynamic Pricing & Bulk Discounts for WooCommerce versions = 4.0.3...

6.5CVSS5.8AI score0.00237EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/03/31 12:0 a.m.5 views

WordPress plugin Quantity Dynamic Pricing & Bulk Discounts for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...

6.5CVSS7.6AI score0.00237EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/30 12:0 a.m.12 views

PT-2025-2263 · WordPress · Cp Contact Form With Paypal

Name of the Vulnerable Software and Affected Versions: CP Contact Form with PayPal plugin for WordPress versions up to, and including, 1.3.52 Description: The issue is due to missing or incorrect nonce validation on the cp contact form paypal check init actions function. This allows unauthenticat...

6.5CVSS9.5AI score0.00258EPSS
Exploits0References11
Patchstack
Patchstack
added 2025/01/24 11:47 a.m.5 views

WordPress Taxonomy/Term and Role based Discounts for WooCommerce plugin <= 5.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross Site Request Forgery CSRF to Settings Change vulnerability discovered by Mika in WordPress Plugin Taxonomy/Term and Role based Discounts for WooCommerce versions = 5.1...

4.3CVSS6.9AI score0.00461EPSS
Exploits0Affected Software1
Rows per page
Query Builder