Medium severity6.1NVD Advisory· Published Jan 24, 2022· Updated Jun 17, 2026
CVE-2021-25078
CVE-2021-25078
Description
The Affiliates Manager WordPress plugin before 2.9.0 does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <2.9.0
Patches
Vulnerability mechanics
References
2- plugins.trac.wordpress.org/changeset/2648196nvdPatchThird Party Advisory
- wpscan.com/vulnerability/d4edb5f2-aa1b-4e2d-abb4-76c46def6c6envdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.