19 matches found
CVE-2025-41002 SQL injection in Infoticketing
SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'...
EUVD-2021-1739
Malware in sbrugna...
CVE-2024-32722
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coupon & Discount Code Reveal Button allows Stored XSS. This issue affects Coupon & Discount Code Reveal Button: from n/a through 1.2.5...
CVE-2024-13758
CVE-2024-13758 involves the CP Contact Form with PayPal plugin for WordPress. The vulnerability is a Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation in cp_contact_form_paypal_check_init_actions(), affecting all versions up to and including 1.3.52. This allows unauth...
Coupon & Discount Code Reveal Button < 1.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting
Description: The Coupon & Discount Code Reveal Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-32722 WordPress Coupon & Discount Code Reveal Button plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coupon & Discount Code Reveal Button allows Stored XSS. This issue affects Coupon & Discount Code Reveal Button: from n/a through 1.2.5...
VulnCheck KEV: CVE-2021-25114
The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discountcode in one of its REST routes available to unauthenticated users before using it in a SQL statement, leading to a SQL injection...
WordPress SQL injection vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Paid Memberships Pro versions prior to 2.6....
CVE-2020-22403
Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts...
Cross site request forgery (csrf)
Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts...
PT-2021-10761 · Npm · Express-Cart
Name of the Vulnerable Software and Affected Versions: Express cart versions 1.1.10 and earlier; Express cart version 1.1.16. Description: A Cross Site Request Forgery (CSRF) issue allows attackers to add an administrator account, add a discount code, or have other unspecified impacts. This issue...
CVE-2020-22403
CVE-2020-22403 affects the Express cart package for Node.js (v1.1.16). A CSRF vulnerability arises from missing/insufficient CSRF protections, enabling an attacker to perform unintended actions such as creating an administrator account or adding a discount code. The issue is confirmed across mult...
nopCommerce cross-site scripting vulnerability
nopCommerce is an open source e-commerce shopping cart software. A reflected cross-site scripting vulnerability exists in the Discount Coupon component in nopCommerce 4.30. An attacker can exploit this vulnerability to inject arbitrary web script or HTML via the...
Shopify: Stored XSS via "Free Shipping" option (Discounts)
POC steps: 1. Go to the customers page and add a new search group named as "img src=x onerror=prompt7 (see img1.png). 2. Go to the discounts page, create a new discount code and mark the "Free Shipping" option. 3. Open a web proxy (i.e. tamper data) and press the "save discount" button. 4. Through the web...