CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

18 matches found

RedhatCVE•added 2025/05/22 5:9 p.m.•4 views

CVE-2020-36841

The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the woocommercecouponadmininit function in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to send themselves gift certificates ...

5.3CVSS6.8AI score0.00083EPSS

Exploits0

RedhatCVE•added 2025/05/22 1:18 a.m.•4 views

CVE-2017-1002017

Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability...

6.1CVSS6AI score0.00562EPSS

Exploits1References1

Vulnrichment•added 2025/04/02 9:21 a.m.•5 views

CVE-2025-2483 Gift Certificate Creator <= 1.1.0 - Reflected Cross-Site Scripting via receip_address Parameter

The Gift Certificate Creator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘receipaddress’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

6.1CVSS6.5AI score0.00824EPSS

Exploits0References3

CVE•added 2025/04/02 9:21 a.m.•72 views

CVE-2025-2483

CVE-2025-2483 affects the Gift Certificate Creator plugin for WordPress. It allows a Reflected Cross-Site Scripting (XSS) via the receip_address parameter in all versions up to 1.1.0. The issue enables unauthenticated attackers to inject arbitrary scripts into pages that execute when a user perfo...

6.1CVSS6.5AI score0.00824EPSS

Exploits0References3

CNNVD•added 2025/04/02 12:0 a.m.•2 views

WordPress plugin Gift Certificate Creator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.1CVSS6.3AI score0.00824EPSS

Exploits0References4

Positive Technologies•added 2025/04/02 12:0 a.m.•2 views

PT-2025-14472 · WordPress · Gift Certificate Creator

Name of the Vulnerable Software and Affected Versions: The Gift Certificate Creator plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated...

6.1CVSS6.5AI score0.00824EPSS

Exploits0References8

Patchstack•added 2025/04/01 10:42 p.m.•8 views

WordPress Gift Certificate Creator plugin <= 1.1.0 - Reflected Cross-Site Scripting via receip_address Parameter vulnerability

Reflected Cross-Site Scripting via receipaddress Parameter vulnerability discovered by johska in WordPress Plugin Gift Certificate Creator versions = 1.1.0...

6.1CVSS7.3AI score0.00824EPSS

Exploits0References1Affected Software1

CVE•added 2024/10/12 2:5 a.m.•105 views

CVE-2024-9592

CVE-2024-9592 concerns the WordPress plugin Easy PayPal Gift Certificate (versions ≤ 1.2.3). The vulnerability is a Cross-Site Request Forgery that, due to missing/incorrect nonce validation in the wpppgc_plugin_options function, can allow an unauthenticated attacker to update plugin settings and...

6.1CVSS6.2AI score0.00256EPSS

Exploits0References2

Vulnrichment•added 2024/10/12 2:5 a.m.•7 views

CVE-2024-9592 Easy PayPal Gift Certificate <= 1.2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wpppgc_plugin_options

The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the 'wpppgcpluginoptions' function. This makes it possible for unauthenticated attackers to update the...

6.1CVSS6.6AI score0.00256EPSS

Exploits0References2

CNNVD•added 2024/10/12 12:0 a.m.•2 views

WordPress plugin Easy PayPal Gift Certificate 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

6.1CVSS6.7AI score0.00256EPSS

Exploits0References3

Patchstack•added 2024/10/11 1:29 p.m.•4 views

WordPress Easy PayPal Gift Certificate plugin <= 1.2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by István Márton in WordPress Plugin Easy PayPal Gift Certificate versions = 1.2.3...

6.1CVSS5.9AI score0.00256EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/10/11 12:0 a.m.•16 views

WordPress Easy PayPal Gift Certificate Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Easy PayPal Gift Certificate Type Plugin Vulnerable versions = 1.2.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9592 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e85fe46e59dc Credits István...

6.1CVSS5.6AI score0.00256EPSS

Exploits0References2Affected Software1

Openbugbounty•added 2018/06/02 3:2 a.m.•11 views

bokus.com XSS vulnerability

Open Bug Bounty ID: OBB-625894 Description| Value ---|--- Affected Website:| bokus.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0

CNVD•added 2017/09/15 12:0 a.m.•2 views

Bobcares WordPress gift-certificate-creator Cross-Site Scripting Vulnerability

Bobcares WordPress gift-certificate-creator is a website gift certificate creation plugin for WordPress by Bobcares India. A cross-site scripting vulnerability exists in Bobcares WordPress gift-certificate-creator version 1.0, which stems from the program failing to filter user input. A remote...

6.1CVSS6.1AI score0.00562EPSS

Exploits1References1

Prion•added 2017/09/14 1:29 p.m.•9 views

Cross site scripting

Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability...

4.3CVSS5.9AI score0.00562EPSS

Exploits1References2Affected Software1

NVD•added 2017/09/14 1:29 p.m.•10 views

CVE-2017-1002017

Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability...

6.1CVSS6AI score0.00562EPSS

Exploits1References2

OSV•added 2017/09/14 1:29 p.m.•2 views

CVE-2017-1002017

Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability...

6.1CVSS5.8AI score0.00562EPSS

Exploits1References2

CVE•added 2017/09/14 1:0 p.m.•47 views

CVE-2017-1002017

CVE-2017-1002017 affects the WordPress plugin Gift Certificate Creator 1.0 . The vulnerability is in the file gc-list.php , where user input is not sanitized, enabling a stored XSS vulnerability. According to NVD, the CVSS2/3 base scores are 4.3 (MEDIUM) and 6.1 (MEDIUM), indicating moderate impa...

6.1CVSS5.9AI score0.00562EPSS

Exploits1References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by