Vulnerabilities and security researches forclover-online-orders clover-online-orders

Jun 07, 2024

CVE, Research URL: CVE-2024-31238
Home page URL: Security reports for Smart Online Order for Clover
Application: Smart Online Order for Clover
Date: Apr 12, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover.This issue affects Smart Online Order for Clover: from n/a through 1.5.5.
Affected versions: max 1.5.6.
Status: vulnerable

CVE, Research URL: CVE-2023-46312
Home page URL: Security reports for Smart Online Order for Clover
Application: Smart Online Order for Clover
Date: Oct 31, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zaytech Smart Online Order for Clover plugin <= 1.5.4 versions.
Affected versions: max 1.5.5.
Status: vulnerable

CVE, Research URL: CVE-2024-29115
Home page URL: Security reports for Smart Online Order for Clover
Application: Smart Online Order for Clover
Date: Mar 19, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zaytech Smart Online Order for Clover allows Stored XSS.This issue affects Smart Online Order for Clover: from n/a through 1.5.5.
Affected versions: max 1.5.6.
Status: vulnerable

Aug 16, 2024

CVE, Research URL: CVE-2024-43253
Home page URL: Security reports for Smart Online Order for Clover
Application: Smart Online Order for Clover
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in Zaytech Smart Online Order for Clover allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Smart Online Order for Clover: from n/a through 1.5.6.
Affected versions: max 1.5.7.
Status: vulnerable

CVE, Research URL: CVE-2024-43254
Home page URL: Security reports for Smart Online Order for Clover
Application: Smart Online Order for Clover
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in Zaytech Smart Online Order for Clover allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Online Order for Clover: from n/a through 1.5.6.
Affected versions: max 1.5.7.
Status: vulnerable

Aug 23, 2024

CVE, Research URL: CVE-2024-7032
Home page URL: Security reports for Smart Online Order for Clover
Application: Smart Online Order for Clover
Date: Aug 21, 2024
Research Description: The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin and drop all plugin tables from the database.
Affected versions: max 1.5.7.
Status: vulnerable

CVE, Research URL: CVE-2024-7030
Home page URL: Security reports for Smart Online Order for Clover
Application: Smart Online Order for Clover
Date: Aug 21, 2024
Research Description: The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update product and category descriptions, category titles and images, and sort order.
Affected versions: max 1.5.7.
Status: vulnerable

Oct 15, 2024

CVE, Research URL: CVE-2024-9895
Home page URL: Security reports for Smart Online Order for Clover
Application: Smart Online Order for Clover
Date: Oct 15, 2024
Research Description: The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's moo_receipt_link shortcode in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.5.8.
Status: vulnerable

Oct 17, 2024

CVE, Research URL: CVE-2024-8787
Home page URL: Security reports for Smart Online Order for Clover
Application: Smart Online Order for Clover
Date: Oct 16, 2024
Research Description: The Smart Online Order for Clover plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 1.5.8.
Status: vulnerable

Apr 17, 2026

CVE, Research URL: CVE-2025-15635
Home page URL: Security reports for Smart Online Order for Clover
Application: Smart Online Order for Clover
Date: Apr 15, 2026
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover allows Cross Site Request Forgery.This issue affects Smart Online Order for Clover: from n/a through 1.6.0.
Affected versions: max 1.6.0.
Status: vulnerable