Lucene search
+L

12 matches found

NVD
NVD
added 4 days ago3 views

CVE-2026-57396

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Flintop Free Gifts for WooCommerce free-gifts-for-woocommerce allows Stored XSS.This issue affects Free Gifts for WooCommerce: from n/a through = 13.1.0...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 4 days ago8 views

CVE-2026-57396

CVE-2026-57396 is a Stored XSS vulnerability in the WordPress Free Gifts for WooCommerce plugin (versions up to 13.1.0). It stems from improper input neutralization during web page generation and can affect the plugin’s output. The CVSS 3.1 vector indicates network attack, no privileges required,...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-57396 WordPress Free Gifts for WooCommerce plugin <= 13.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Flintop Free Gifts for WooCommerce free-gifts-for-woocommerce allows Stored XSS.This issue affects Free Gifts for WooCommerce: from n/a through = 13.1.0...

7.1CVSS0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/29 9:23 a.m.1 views

CVE-2025-6730 Bonanza – WooCommerce Free Gifts Lite <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Opt In Success

The Bonanza – WooCommerce Free Gifts Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the xlooptincall function in all versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS6.1AI score0.00184EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/29 9:23 a.m.9 views

CVE-2025-6730 Bonanza – WooCommerce Free Gifts Lite <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Opt In Success

The Bonanza – WooCommerce Free Gifts Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the xlooptincall function in all versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00184EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/29 12:0 a.m.4 views

WordPress plugin Bonanza – WooCommerce Free Gifts Lite 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.4AI score0.00184EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:5 p.m.3 views

Malicious code in tricks_updated_xbox_unlimited_giftcards__generator_for_free-53c0i (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
CNNVD
CNNVD
added 2023/11/01 12:0 a.m.7 views

Addify WooCommerce Advanced Free Gifts Plugin Security Vulnerability

Addify WooCommerce Advanced Free Gifts Plugin is an advanced free gifts plugin from Addify. Enables store owners to offer free gifts to their customers. A security vulnerability exists in Addify WooCommerce Advanced Free Gifts Plugin v.1.0.2 and prior versions, which stems from the presence of a...

9.8CVSS8.7AI score0.00834EPSS
Exploits0References2
OSV
OSV
added 2023/07/31 10:15 a.m.5 views

CVE-2022-4888

The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2,...

6.5CVSS5.8AI score0.00313EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/07/31 12:0 a.m.19 views

PT-2023-15899 · WordPress · Checkout Fields Manager +12

Name of the Vulnerable Software and Affected Versions: Checkout Fields Manager WordPress plugin versions prior to 1.0.2 Abandoned Cart Recovery WordPress plugin versions prior to 1.2.5 Custom Fields for WooCommerce WordPress plugin versions prior to 1.0.4 Custom Order Number WordPress plugin...

6.5CVSS8.8AI score0.00313EPSS
Exploits2References5
Malwarebytes
Malwarebytes
added 2022/04/13 3:4 p.m.22 views

SMS group spam promises free gifts in return for bill payment

We’re seeing lots of examples of peculiar SMS messages sent to random groups of people. Most of these messages promise free gifts and/or offers after having paid bills. Nobody has asked for these texts, and they’re not being sent by providers of any services. What’s going on? The set up Most of t...

7AI score
Exploits0
CNNVD
CNNVD
added 2022/04/12 12:0 a.m.9 views

WordPress plugin 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

6.5CVSS6.9AI score0.00313EPSS
Exploits2References2
Rows per page
Query Builder