VYPR

Discount Rules For Woocommerce

by WordPress

CVEs (3)

  • CVE-2020-36834MedOct 16, 2024
    risk 0.41cvss 6.3epss 0.00

    The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute…

  • CVE-2022-2090MedJul 17, 2022
    risk 0.40cvss 6.1epss 0.01

    The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting

  • CVE-2024-8541MedOct 16, 2024
    risk 0.31cvss 4.7epss 0.00

    The Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to,…