VYPR

Opt-In Builder

by Tagdiv

CVEs (2)

  • CVE-2023-3419HigAug 17, 2024
    risk 0.47cvss 7.2epss 0.01

    The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'couponId' parameter of the 'recreate_stripe_subscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient…

  • CVE-2023-3416HigAug 17, 2024
    risk 0.47cvss 7.2epss 0.01

    The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'subscriptionCouponId' parameter via the 'create_stripe_subscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of…