Vulnerabilities > Zaytech > Smart Online Order FOR Clover > 1.5.6

DATE CVE VULNERABILITY TITLE RISK
2024-11-01 CVE-2024-43253 Unspecified vulnerability in Zaytech Smart Online Order for Clover
Missing Authorization vulnerability in Zaytech Smart Online Order for Clover allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Smart Online Order for Clover: from n/a through 1.5.6.
network
low complexity
zaytech
critical
 9.8
9.8
2024-11-01 CVE-2024-43254 Missing Authorization vulnerability in Zaytech Smart Online Order for Clover
Missing Authorization vulnerability in Zaytech Smart Online Order for Clover allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Online Order for Clover: from n/a through 1.5.6.
network
low complexity
zaytech CWE-862
8.8
8.8
2024-10-16 CVE-2024-8787 Cross-site Scripting vulnerability in Zaytech Smart Online Order for Clover
The Smart Online Order for Clover plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.7.
network
low complexity
zaytech CWE-79
6.1
6.1