[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJ4ehmTSYF5VQ4bgrXo01e3Vwg5PcGTnrtiVGAFNTYy4":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"WF-7193b373-a0c9-4cd7-8a53-4f35ceff8f23-alkubot","alkubot-gamify-discounts-sell-more-and-give-less-at-the-right-time-cross-site-request-forgery","Alkubot – Gamify discounts, sell more and give less at the right time \u003C 3.0.0 - Cross-Site Request Forgery","The Alkubot – Gamify discounts, sell more and give less at the right time plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on the successfulBargain() function. This makes it possible for unauthenticated attackers to place arbitrary products in a shopping cart via a forged request granted they can trick a user into performing an action such as clicking on a link.","alkubot",null,"\u003C3.0.0","3.0.0","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:H\u002FA:N","Cross-Site Request Forgery (CSRF)","2021-04-06 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7193b373-a0c9-4cd7-8a53-4f35ceff8f23?source=api-prod",1022]