Lucene search
+L

126 matches found

Positive Technologies
Positive Technologies
added 2024/04/11 12:0 a.m.7 views

PT-2024-24411 · Elex · Elex Woocommerce Dynamic Pricing/Discounts

Name of the Vulnerable Software and Affected Versions: ELEX WooCommerce Dynamic Pricing and Discounts versions n/a through 2.1.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. It affects the ELEX WooCommerce Dynamic Pricing and Discounts plugin. Recommendations: For...

4.3CVSS6.9AI score0.00205EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2024/04/11 12:0 a.m.13 views

ELEX WooCommerce Dynamic Pricing and Discounts < 2.1.3 - Reflected Cross-Site Scripting

Description The ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.1CVSS6.3AI score0.00334EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/04/07 5:51 p.m.49 views

CVE-2024-31255

CVE-2024-31255 affects the ELEX WooCommerce Dynamic Pricing and Discounts WordPress plugin. The connected data confirms a Reflected XSS due to Improper Neutralization of Input During Web Page Generation, impacting versions up to 2.1.2 (n/a–2.1.2). The CVE entry provides a CVSS score of 7.1 (HIGH,...

7.1CVSS8.6AI score0.00334EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/04/05 7:14 a.m.5 views

WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin ELEX WooCommerce Dynamic Pricing and Discounts versions = 2.1.2...

7.1CVSS6.1AI score0.00334EPSS
Exploits0Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2024/04/03 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-25925

Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12...

10CVSS7.3AI score0.0063EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 11:3 a.m.35 views

BIT-MAGENTO-2020-9587

Magento versions 2.3.4 and earlier, 2.2.11 and earlier see note, 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts...

7.5CVSS7.4AI score0.05009EPSS
Exploits0References2
OSV
OSV
added 2024/02/26 4:27 p.m.6 views

CVE-2024-25925

Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12...

9.8CVSS7.3AI score0.0063EPSS
Exploits0References1
Prion
Prion
added 2024/02/26 4:27 p.m.11 views

Design/Logic Flaw

Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12...

7.5CVSS7.2AI score0.0063EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/26 3:9 p.m.23 views

CVE-2024-25925 WordPress WooCommerce Easy Checkout Field Editor, Fees & Discounts Plugin <= 3.5.12 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12...

10CVSS9.7AI score0.0063EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/26 12:0 a.m.4 views

WordPress Plugin WooCommerce Easy Checkout Field Editor, Fees & Discounts Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin WooCommerce Easy Checkout...

10CVSS7.1AI score0.0063EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/26 12:0 a.m.5 views

PT-2024-21218 · WordPress · Woocommerce Checkout Field Editor

Name of the Vulnerable Software and Affected Versions: WooCommerce Easy Checkout Field Editor, Fees & Discounts versions n/a through 3.5.12 Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects the specified versions of WooCommerce Easy Checkout...

10CVSS9.1AI score0.0063EPSS
Exploits0References5
NVD
NVD
added 2024/01/25 2:15 a.m.23 views

CVE-2024-0617

The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcdsavediscount function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category...

5.3CVSS5.1AI score0.0049EPSS
Exploits0References3
OSV
OSV
added 2024/01/25 2:15 a.m.11 views

CVE-2024-0617

The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcdsavediscount function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category...

5.3CVSS5.8AI score0.0049EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/01/24 12:0 a.m.10 views

PT-2024-15693 · WordPress · Category Discount Woocommerce

Name of the Vulnerable Software and Affected Versions: Category Discount Woocommerce plugin for WordPress versions up to, and including, 4.12 Description: The issue arises from a missing capability check on the wpcd save discount function, allowing unauthenticated attackers to modify product...

5.3CVSS6.1AI score0.0049EPSS
Exploits0References9
Schneier on Security
Schneier on Security
added 2024/01/10 12:5 p.m.16 views

Facial Scanning by Burger King in Brazil

In 2000, I wrote: "If McDonalds offered three free Big Macs for a DNA sample, there would be lines around the block." Burger King in Brazil is almost there, offering discounts in exchange for a facial scan. From a marketing video: "At the end of the year, its Friday every day, and the hangover...

7.3AI score
Exploits0
WPVulnDB
WPVulnDB
added 2023/12/10 12:0 a.m.16 views

First Order Discount Woocommerce < 1.22 - Discount Update via CSRF

Description The plugin does not have CSRF check in its fodwsavediscount function, which could allow attackers to make logged in admins update discounts via a CSRF attack...

8.8CVSS8.6AI score0.00254EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/20 7:15 a.m.22 views

Authorization

The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export function which makes makes it possible for unauthenticated attackers to export the plugin...

5CVSS5.2AI score0.00588EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/10/20 6:35 a.m.35 views

CVE-2021-4353

The CVE-2021-4353 entry concerns the WordPress plugin WooCommerce Dynamic Pricing and Discounts . The vulnerability is an unauthenticated export of the plugin’s settings caused by missing authorization in the export() function, affecting versions up to and including 2.4.1. The available documents...

5.3CVSS5.2AI score0.00588EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/10/20 12:0 a.m.4 views

WordPress Plugin WooCommerce Dynamic Pricing and Discounts Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.3CVSS6.7AI score0.00588EPSS
Exploits1References3
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.17 views

Bonding WETH discounts can drain WETH reserves of RdpxV2Core contract to zero

Lines of code Vulnerability details Impact Depending on the reserves of rDPX, bonding discounts are given both on the rDPX and WETH collateral requirements for minting dpxETH. The bonding discounts for both rDPX and WETH portions are provided as rDPX which is taken from the treasury. The issue wi...

7.1AI score
Exploits0
Rows per page
Query Builder