VYPR

Bonus For Woo

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-58835MedSep 5, 2025
    risk 0.27cvss 5.3epss 0.00

    Improper Validation of Specified Quantity in Input vulnerability in calliko Bonus for Woo bonus-for-woo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bonus for Woo: from n/a through <= 7.6.6.

  • CVE-2023-5140Nov 20, 2023
    risk 0.00cvss epss 0.00

    The Bonus for Woo WordPress plugin before 5.8.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.