Exploit for CVE-2025-6440

CVE-2025-6440 — WordPress WooCommerce Dynamic Pricing & Discou...

CVE-2024-31364

Cross-Site Request Forgery CSRF vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts.This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2...

ELEX WooCommerce Dynamic Pricing and Discounts < 2.1.3 - Cross-Site Request Forgery

Description The ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation on various function. This makes it possible for unauthenticated attackers t...

WordPress Plugin ELEX WooCommerce Dynamic Pricing and Discounts 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin ELEX WooCommerce...

CVE-2024-31255

CVE-2024-31255 affects the ELEX WooCommerce Dynamic Pricing and Discounts WordPress plugin. The connected data confirms a Reflected XSS due to Improper Neutralization of Input During Web Page Generation, impacting versions up to 2.1.2 (n/a–2.1.2). The CVE entry provides a CVSS score of 7.1 (HIGH,...

PT-2024-23898 · Elex · Elex Woocommerce Dynamic Pricing/Discounts

Name of the Vulnerable Software and Affected Versions: ELEX WooCommerce Dynamic Pricing and Discounts versions through 2.1.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables...

WordPress Plugin ELEX WooCommerce Dynamic Pricing and Discounts 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin ELEX WooCommerce Dynamic...

CVE-2021-4353

The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export function which makes makes it possible for unauthenticated attackers to export the plugin...

WordPress Plugin WooCommerce Dynamic Pricing and Discounts Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress WooCommerce Dynamic Pricing and Discount Rules Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Dynamic Pricing and Discount Rules Type Plugin Vulnerable versions = 2.3.3 Fixed in 2.3.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 506694d0fc2e Credits...

Cross site scripting

The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1. This is due to missing sanitization on the settings imported via the import function. This makes it possible for unauthenticated attackers to...

WordPress Plugin WooCommerce Dynamic Pricing and Discounts 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WooCommerce Dynamic Pricing & Discounts < 2.4.2 - Unauthenticated Settings Export

The plugin does not have authorisation check on its export feature, allowing unauthenticated users to export them. PoC https://example.com/?rpwcdpdexportsettings=1...