Smart Online Order For Clover@* Security Vulnerabilities and Issues — Smart Online Order For Clover@* CVE List

Lucene search

ZaytechSmart Online Order For Clover*

9 matches found

CVE•added 2024/03/19 3:15 p.m.•60 views

CVE-2024-29115

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zaytech Smart Online Order for Clover allows Stored XSS.This issue affects Smart Online Order for Clover: from n/a through 1.5.5.

6.5CVSS6.7AI score0.0006EPSS

CVE•added 2023/10/31 10:15 a.m.•55 views

CVE-2023-46312

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zaytech Smart Online Order for Clover plugin

7.1CVSS6.1AI score0.00083EPSS

CVE•added 2024/04/12 1:15 p.m.•47 views

CVE-2024-31238

Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover.This issue affects Smart Online Order for Clover: from n/a through 1.5.5.

8.8CVSS9.3AI score0.00056EPSS

CVE•added 2024/10/15 9:15 a.m.•45 views

CVE-2024-9895

The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's moo_receipt_link shortcode in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible ...

6.4CVSS5.5AI score0.00093EPSS

CVE•added 2024/10/16 2:15 a.m.•43 views

CVE-2024-8787

The Smart Online Order for Clover plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.7. This makes it possible for unauthenticated attackers to inje...

6.1CVSS6.3AI score0.00395EPSS

CVE•added 2024/08/21 6:15 a.m.•37 views

CVE-2024-7030

The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...

4.3CVSS4.3AI score0.00115EPSS

CVE•added 2024/08/21 6:15 a.m.•34 views

CVE-2024-7032

The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin and...

6.5CVSS6.3AI score0.00485EPSS

CVE•added 2024/11/01 3:15 p.m.•33 views

CVE-2024-43253

Missing Authorization vulnerability in Zaytech Smart Online Order for Clover allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Smart Online Order for Clover: from n/a through 1.5.6.

9.8CVSS5.3AI score0.00311EPSS

CVE•added 2024/11/01 3:15 p.m.•32 views

CVE-2024-43254

Missing Authorization vulnerability in Zaytech Smart Online Order for Clover allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Online Order for Clover: from n/a through 1.5.6.

8.8CVSS4.7AI score0.00137EPSS