cleantalk
Vulnerabilities and Security Researches

Smart Online Order for Clover, CVE-2024-8787

CVE, Research URL

CVE-2024-8787

Home page URL

Security reports for Smart Online Order for Clover

Application

Smart Online Order for Clover

Published on
Oct 16, 2024
Research Description
The Smart Online Order for Clover plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 1.5.8.
Status
vulnerable
Previous vulnerability researches
Smart Online Order for Clover (CVE-2025-15635) , Apr 17, 2026
Smart Online Order for Clover (CVE-2024-7032) , Aug 23, 2024
Smart Online Order for Clover (CVE-2024-7030) , Aug 23, 2024
Smart Online Order for Clover (CVE-2024-43253) , Aug 16, 2024
Smart Online Order for Clover (CVE-2024-43254) , Aug 16, 2024
New vulnerability
ThemeGrill Demo Importer (CVE-2026-40730) , Apr 17, 2026
Email Encoder – Protect Email Addresses and Phone Numbers (CVE-2026-2840) , Apr 17, 2026
WP Allowed Hosts (CVE-2026-0734) , Apr 17, 2026
Real Post Slider Lite (CVE-2026-0680) , Apr 17, 2026
WP Docs (CVE-2026-3878) , Apr 17, 2026