
37 matches found

Patchstack
added 2026/03/02 7:40 a.m. · 5 views

WordPress Tutor LMS plugin <= 3.9.6 - Unauthenticated SQL Injection via coupon_code vulnerability

Unauthenticated SQL Injection via coupon_code vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions <= 3.9.6...

CVSS 7.5 · AI score 6 · EPSS 0.00096
Exploits 1 · References 1 · Affected Software 1

RedhatCVE
added 2026/03/01 7:43 a.m. · 2 views

CVE-2025-13673

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'coupon_code' parameter in all versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVSS 7.5 · AI score 6 · EPSS 0.00096
Exploits 1 · References 1

EUVD
added 2026/02/28 9:30 a.m. · 4 views

EUVD-2025-208143

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'coupon_code' parameter in all versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVSS 7.5 · AI score 6 · EPSS 0.00096
Exploits 1 · References 3

NVD
added 2026/02/28 8:15 a.m. · 5 views

CVE-2025-13673

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'coupon_code' parameter in all versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVSS 7.5 · EPSS 0.00096
Exploits 1 · References 2

Cvelist
added 2026/02/28 7:25 a.m. · 23 views

CVE-2025-13673 Tutor LMS <= 3.9.6 - Unauthenticated SQL Injection via coupon_code

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'coupon_code' parameter in all versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVSS 7.5 · EPSS 0.00096
Exploits 1 · References 2

ATTACKERKB
added 2026/02/28 7:25 a.m. · 4 views

CVE-2025-13673

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'coupon_code' parameter in all versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVSS 7.5 · AI score 6 · EPSS 0.00096
Exploits 1 · References 3

Vulnrichment
added 2026/02/28 7:25 a.m. · 2 views

CVE-2025-13673 Tutor LMS <= 3.9.6 - Unauthenticated SQL Injection via coupon_code

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'coupon_code' parameter in all versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVSS 7.5 · AI score 6 · EPSS 0.00096
Exploits 1 · References 2

Positive Technologies
added 2026/02/28 12:0 a.m. · 3 views

PT-2026-22465

Name of the Vulnerable Software and Affected Versions: Tutor LMS versions prior to 3.9.7. Description: The Tutor LMS plugin for WordPress is susceptible to SQL Injection due to inadequate input validation and query preparation. Specifically, the coupon code parameter is not properly sanitized,...

CVSS 7.5 · AI score 6 · EPSS 0.00096
Exploits 1 · References 9

EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2025-27616

Malicious code in bioql PyPI...

CVSS 2.6 · AI score 3.9 · EPSS 0.00031
Exploits 0 · References 3

Cvelist
added 2025/05/01 11:11 a.m. · 11 views

CVE-2025-3874 WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 due to lack of randomization of a user controlled key. This makes it possible for unauthenticated attackers to access customer shopping carts and...

CVSS 6.5 · EPSS 0.00807
Exploits 0 · References 9

CVE
added 2025/05/01 11:11 a.m. · 54 views

CVE-2025-3874

CVE-2025-3874 affects the WordPress plugin “WordPress Simple Shopping Cart.” The issue is an Insecure Direct Object Reference caused by lack of randomization of a user-controlled key, enabling unauthenticated users to access customer carts, edit product links, add/delete products, and discover co...

CVSS 6.5 · AI score 6.3 · EPSS 0.00807
Exploits 0 · References 9 · Affected Software 1

CNVD
added 2025/04/18 12:0 a.m. · 2 views

SAP Commerce Information Disclosure Vulnerability

SAP Commerce is a set of cloud-based e-commerce platforms from Germany's SAP. SAP Commerce suffers from an information disclosure vulnerability that originates from a coupon code being exposed in a URL parameter. An attacker could exploit this vulnerability to obtain and use the leaked coupon cod...

CVSS 4.2 · AI score 6.4 · EPSS 0.0026
Exploits 0 · References 1

CVE
added 2025/04/08 7:13 a.m. · 53 views

CVE-2025-27435

CVE-2025-27435 affects SAP Commerce Cloud. The vulnerability is an information disclosure where a coupon code is exposed in the URL parameters of the Coupon Campaign URL, allowing an unauthenticated attacker to access and use the disclosed code. Impact is described as low for confidentiality and ...

CVSS 4.2 · AI score 7.2 · EPSS 0.0026
Exploits 0 · References 2

CNNVD
added 2025/04/08 12:0 a.m. · 2 views

SAP Commerce Security Vulnerability

SAP Commerce is a set of cloud-based e-commerce platforms from Germany's SAP. SAP Commerce suffers from an information disclosure vulnerability that originates from a coupon code being exposed in a URL parameter. An attacker could exploit this vulnerability to obtain and use the leaked coupon cod...

CVSS 4.2 · AI score 6.3 · EPSS 0.0026
Exploits 0 · References 4

Positive Technologies
added 2025/01/07 12:0 a.m. · 2 views

PT-2025-1879 · WordPress · Coupon Plugin

Name of the Vulnerable Software and Affected Versions: Coupon Plugin plugin for WordPress versions up to, and including, 1.2.1. Description: The issue is related to Stored Cross-Site Scripting via the Coupon Code parameter due to insufficient input sanitization and output escaping. This allows...

CVSS 6.4 · AI score 6.4 · EPSS 0.0031
Exploits 0 · References 6

CNNVD
added 2025/01/07 12:0 a.m. · 2 views

WordPress plugin Coupon Plugin Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4 · AI score 7.7 · EPSS 0.0031
Exploits 0 · References 2

OSV
added 2024/01/16 4:15 p.m. · 3 views

CVE-2022-1563

The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL...

CVSS 5.3 · AI score 6.8
Exploits 0 · References 2

Prion
added 2024/01/16 4:15 p.m. · 20 views

Design/Logic Flaw

The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL...

CVSS 5 · AI score 7.2 · EPSS 0.00568
Exploits 2 · References 2 · Affected Software 1

Vulnrichment
added 2024/01/16 3:50 p.m. · 3 views

CVE-2022-1563 WPGraphQL WooCommerce <= 0.11.0 - Unauthenticated Coupon Codes Disclosure

The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL...

AI score 5.3 · EPSS 0.00568
Exploits 2 · References 2

Veracode
added 2023/12/18 12:23 p.m. · 16 views

Business Logic Errors

microweber is vulnerable to Business Logic Errors. The vulnerability exists due to a lack of coupon code validation, which allows attackers to change coupon codes and lower prices...

CVSS 4.3 · AI score 6.9 · EPSS 0.00142
Exploits 1 · References 3 · Affected Software 1