Flycart Discount Rules For Woocommerce vulnerabilities
3 known vulnerabilities affecting flycart/discount_rules_for_woocommerce.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2020-36834P2MEDIUMCVSS 6.3Exploited≤ 2.0.22024-10-16
CVE-2020-36834 [MEDIUM] CWE-862 CVE-2020-36834: The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via s
The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute various actions and perform a wide variety of actions such as modifying
nvd
CVE-2022-2090P4MEDIUMCVSS 6.1fixed in 2.4.22022-07-17
CVE-2022-2090 [MEDIUM] CWE-79 CVE-2022-2090: The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before
The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting
nvd
CVE-2024-8541P4MEDIUMCVSS 6.1≤ 2.6.52024-10-16
CVE-2024-8541 [MEDIUM] CWE-79 CVE-2024-8541: The Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BO
The Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.6.5. This makes it possible for unauthenticated attackers to i
nvd