Vulnerabilities and security researches forserial-codes-generator-and-validator serial-codes-generator-and-validator

Jun 07, 2024

CVE, Research URL: CVE-2023-4376
Home page URL: Security reports for Serial Codes Generator and Validator with WooCommerce Support
Application: Serial Codes Generator and Validator with WooCommerce Support
Date: Sep 20, 2023
Research Description: The Serial Codes Generator and Validator with WooCommerce Support WordPress plugin before 2.4.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: ba6efb0a623380b705452ba37eb8f74b11aae946
Home page URL: Security reports for Serial Codes Generator and Validator with WooCommerce Support
Application: Serial Codes Generator and Validator with WooCommerce Support
Date: Aug 17, 2023
Research Description: Serial Codes Generator and Validator with WooCommerce Support [serial-codes-generator-and-validator] < 2.4.15 Serial Codes Generator and Validator with WooCommerce Support <= 2.4.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting The Serial Codes Generator and Validator with WooCommerce Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data[codes]' parameter saved through the sngmbhSerialcodesValidator_executeAdminSettings AJAX action in versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Apr 03, 2025

CVE, Research URL: CVE-2025-30854
Home page URL: Security reports for Serial Codes Generator and Validator with WooCommerce Support
Application: Serial Codes Generator and Validator with WooCommerce Support
Date: Mar 27, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Saso Serial Codes Generator and Validator with WooCommerce Support allows Cross Site Request Forgery. This issue affects Serial Codes Generator and Validator with WooCommerce Support: from n/a through 2.7.7.
Affected versions: Min -, max -.
Status: vulnerable