cleantalk
Vulnerabilities and Security Researches

Product Price by Quantity for WooCommerce, CVE-2024-9384

CVE, Research URL

CVE-2024-9384

Home page URL

Security reports for Product Price by Quantity for WooCommerce

Application

Product Price by Quantity for WooCommerce

Published on
Oct 04, 2024
Research Description
The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
Min -, max 3.8.1.
Status
vulnerable
Previous vulnerability researches
Product Price by Quantity for WooCommerce (CVE-2025-31598) , Apr 03, 2025
Product Price by Quantity for WooCommerce (CVE-2024-9384) , Oct 04, 2024
New vulnerability
Nimbata Call Tracking (CVE-2025-32616) , Apr 11, 2025
Codescar Radio Widget (CVE-2025-32500) , Apr 11, 2025
ePaper Lister for Yumpu (CVE-2025-32502) , Apr 11, 2025
WPshop 2 – E-Commerce (CVE-2025-32576) , Apr 11, 2025
KeyCAPTCHA – Social WordPress CAPTCHA (CVE-2025-32619) , Apr 11, 2025