126 matches found
PT-2024-24411 · Elex · Elex Woocommerce Dynamic Pricing/Discounts
Name of the Vulnerable Software and Affected Versions: ELEX WooCommerce Dynamic Pricing and Discounts versions n/a through 2.1.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. It affects the ELEX WooCommerce Dynamic Pricing and Discounts plugin. Recommendations: For...
ELEX WooCommerce Dynamic Pricing and Discounts < 2.1.3 - Reflected Cross-Site Scripting
Description The ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-31255
CVE-2024-31255 affects the ELEX WooCommerce Dynamic Pricing and Discounts WordPress plugin. The connected data confirms a Reflected XSS due to Improper Neutralization of Input During Web Page Generation, impacting versions up to 2.1.2 (n/a–2.1.2). The CVE entry provides a CVSS score of 7.1 (HIGH,...
WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin ELEX WooCommerce Dynamic Pricing and Discounts versions = 2.1.2...
VulnCheck KEV: CVE-2024-25925
Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12...
BIT-MAGENTO-2020-9587
Magento versions 2.3.4 and earlier, 2.2.11 and earlier see note, 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts...
CVE-2024-25925
Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12...
Design/Logic Flaw
Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12...
CVE-2024-25925 WordPress WooCommerce Easy Checkout Field Editor, Fees & Discounts Plugin <= 3.5.12 is vulnerable to Arbitrary File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12...
WordPress Plugin WooCommerce Easy Checkout Field Editor, Fees & Discounts Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin WooCommerce Easy Checkout...
PT-2024-21218 · WordPress · Woocommerce Checkout Field Editor
Name of the Vulnerable Software and Affected Versions: WooCommerce Easy Checkout Field Editor, Fees & Discounts versions n/a through 3.5.12 Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects the specified versions of WooCommerce Easy Checkout...
CVE-2024-0617
The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcdsavediscount function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category...
CVE-2024-0617
The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcdsavediscount function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category...
PT-2024-15693 · WordPress · Category Discount Woocommerce
Name of the Vulnerable Software and Affected Versions: Category Discount Woocommerce plugin for WordPress versions up to, and including, 4.12 Description: The issue arises from a missing capability check on the wpcd save discount function, allowing unauthenticated attackers to modify product...
Facial Scanning by Burger King in Brazil
In 2000, I wrote: "If McDonalds offered three free Big Macs for a DNA sample, there would be lines around the block." Burger King in Brazil is almost there, offering discounts in exchange for a facial scan. From a marketing video: "At the end of the year, its Friday every day, and the hangover...
First Order Discount Woocommerce < 1.22 - Discount Update via CSRF
Description The plugin does not have CSRF check in its fodwsavediscount function, which could allow attackers to make logged in admins update discounts via a CSRF attack...
Authorization
The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export function which makes makes it possible for unauthenticated attackers to export the plugin...
CVE-2021-4353
The CVE-2021-4353 entry concerns the WordPress plugin WooCommerce Dynamic Pricing and Discounts . The vulnerability is an unauthenticated export of the plugin’s settings caused by missing authorization in the export() function, affecting versions up to and including 2.4.1. The available documents...
WordPress Plugin WooCommerce Dynamic Pricing and Discounts Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Bonding WETH discounts can drain WETH reserves of RdpxV2Core contract to zero
Lines of code Vulnerability details Impact Depending on the reserves of rDPX, bonding discounts are given both on the rDPX and WETH collateral requirements for minting dpxETH. The bonding discounts for both rDPX and WETH portions are provided as rDPX which is taken from the treasury. The issue wi...