Vulnerabilities and security researches forwoo-discount-rules woo-discount-rules

Jun 07, 2024

CVE, Research URL: CVE-2022-2090
Home page URL: Security reports for Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts
Application: Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts
Date: Jul 17, 2022
Research Description: The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: 990b5399af40307881e6b85b4657b12b43e1bc31
Home page URL: Security reports for Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts
Application: Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts
Date: Sep 17, 2020
Research Description: Discount Rules for WooCommerce [woo-discount-rules] < 2.1.0 WordPress Discount Rules for WooCommerce plugin <= 2.2.0 - Multiple Authorization Bypass vulnerabilities Multiple Authorization Bypass vulnerabilities found by WordFence in WordPress Discount Rules for WooCommerce plugin (versions <= 2.2.0).
Affected versions: Min -, max -.
Status: vulnerable

Oct 16, 2024

CVE, Research URL: CVE-2024-8541
Home page URL: Security reports for Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts
Application: Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts
Date: Oct 16, 2024
Research Description: The Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.6.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a site administrator into performing an action such as clicking on a link. Please note that this is only exploitable when the 'Leave a Review' notice is present, which occurs after 100 orders are made and disappears after a user dismisses the notice.
Affected versions: Min -, max -.
Status: vulnerable

May 07, 2025

CVE, Research URL: CVE-2020-36834
Home page URL: Security reports for Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts
Application: Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts
Date: Oct 16, 2024
Research Description: The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute various actions and perform a wide variety of actions such as modifying rules and saving configurations.
Affected versions: Min -, max -.
Status: vulnerable