VYPR

ThirstyAffiliates Affiliate Link Manager

by WordPress

CVEs (2)

  • CVE-2022-0398MedApr 25, 2022
    risk 0.35cvss 5.4epss 0.00

    The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to…

  • CVE-2021-24127MedMar 18, 2021
    risk 0.35cvss 5.4epss 0.01

    Unvalidated input and lack of output encoding in the ThirstyAffiliates Affiliate Link Manager WordPress plugin, versions before 3.9.3, was vulnerable to authenticated Stored Cross-Site Scripting (XSS), which could lead to privilege escalation.