4 matches found
CVE-2025-3743
The Upsell Funnel Builder for WooCommerce plugin for WordPress is vulnerable to order manipulation in all versions up to, and including, 3.0.0. This is due to the plugin allowing the additional product ID and discount field to be manipulated prior to processing via the 'addofferincart' function...
CVE-2025-3743
The Upsell Funnel Builder for WooCommerce plugin for WordPress (versions
CVE-2025-3743 Upsell Funnel Builder for WooCommerce <= 3.0.0 - Unauthenticated Order Manipulation
The Upsell Funnel Builder for WooCommerce plugin for WordPress is vulnerable to order manipulation in all versions up to, and including, 3.0.0. This is due to the plugin allowing the additional product ID and discount field to be manipulated prior to processing via the 'addofferincart' function...
WordPress Upsell Funnel Builder for WooCommerce plugin <= 3.0.0 - Unauthenticated Order Manipulation vulnerability
Unauthenticated Order Manipulation vulnerability discovered by p4 in WordPress Plugin Upsell Order Bump Offer for WooCommerce versions = 3.0.0...