Lucene search
K

13 matches found

Patchstack
Patchstack
added 2026/06/11 11:48 a.m.10 views

WordPress WP eCommerce plugin <= 3.15.1 - Coupon Deletion via CSRF vulnerability

Coupon Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP eCommerce versions = 3.15.1...

4.3CVSS5.4AI score0.00098EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/06 6:0 a.m.5 views

CVE-2026-1128 WP eCommerce <= 3.15.1 - Coupon Deletion via CSRF

The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF check in place when deleting coupons, which could allow attackers to make a logged in admin remove them via a CSRF attack...

5.8AI score0.00098EPSS
Exploits0References1
CVE
CVE
added 2026/03/06 6:0 a.m.24 views

CVE-2026-1128

The CVE describes a CSRF vulnerability in the WP eCommerce WordPress plugin up to version 3.15.1, where no CSRF check is performed when deleting coupons. Root cause: absence of CSRF protection in the coupon deletion flow. Affected software: WordPress plugin WP eCommerce (versions ≤ 3.15.1). Impac...

4.3CVSS5.9AI score0.00098EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/06 6:0 a.m.33 views

CVE-2026-1128 WP eCommerce <= 3.15.1 - Coupon Deletion via CSRF

The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF check in place when deleting coupons, which could allow attackers to make a logged in admin remove them via a CSRF attack...

0.00098EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.4 views

WordPress plugin WP eCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00098EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.8 views

PT-2026-23650

The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF check in place when deleting coupons, which could allow attackers to make a logged in admin remove them via a CSRF attack...

5.8AI score0.00098EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.5 views

CVE-2025-13628

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability check on the 'bulkactionhandler' and 'couponpermanentdelete' functions in all versions up to, and including, 3.9.3. This makes it...

4.3CVSS5.3AI score0.00202EPSS
Exploits0References1
NVD
NVD
added 2026/01/09 8:15 a.m.6 views

CVE-2025-13628

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability check on the 'bulkactionhandler' and 'couponpermanentdelete' functions in all versions up to, and including, 3.9.3. This makes it...

4.3CVSS0.00202EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/09 7:22 a.m.25 views

CVE-2025-13628 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon Modification

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability check on the 'bulkactionhandler' and 'couponpermanentdelete' functions in all versions up to, and including, 3.9.3. This makes it...

4.3CVSS0.00202EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/09 7:22 a.m.4 views

CVE-2025-13628 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon Modification

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability check on the 'bulkactionhandler' and 'couponpermanentdelete' functions in all versions up to, and including, 3.9.3. This makes it...

4.3CVSS4.9AI score0.00202EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.7 views

PT-2026-1705

Name of the Vulnerable Software and Affected Versions Tutor LMS versions up to and including 3.9.3 Description The Tutor LMS plugin for WordPress is affected by a flaw that allows unauthorized modification and deletion of data. This is due to a missing capability check in the bulk action handler...

4.3CVSS5.8AI score0.00202EPSS
Exploits0References6
Patchstack
Patchstack
added 2024/07/15 7:53 a.m.4 views

WordPress WP eStore plugin < 8.5.5 - Coupon Deletion via CSRF vulnerability

Coupon Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP eStore versions 8.5.5...

8.8CVSS7AI score0.00366EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/15 6:0 a.m.16 views

CVE-2024-6075 WP eStore < 8.5.5 - Coupon Deletion via CSRF

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

6.8AI score0.00366EPSS
Exploits1References1
Rows per page
Query Builder