Post Affiliate Pro
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-2290 | | Low | 0.25 | 3.8 | 0.00 | | Mar 21, 2026 | The Post Affiliate Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.28.0. This makes it possible for authenticated attackers, with Administrator-level access, to make web requests to initiate arbitrary outbound… |
| CVE-2008-5630 | | | 0.03 | — | 0.01 | | Dec 17, 2008 | SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 3 and 3.1.4 allows remote attackers to execute arbitrary SQL commands via the umprof_status parameter. |
| CVE-2008-4602 | | | 0.03 | — | 0.02 | | Oct 18, 2008 | Directory traversal vulnerability in index.php in Post Affiliate Pro 2.0 allows remote authenticated users to read and possibly execute arbitrary local files via a .. (dot dot) in the md parameter. |
| CVE-2005-3909 | | | 0.03 | — | 0.01 | | Nov 30, 2005 | SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the sortorder parameter. |
| CVE-2005-3910 | | | 0.00 | — | 0.01 | | Nov 30, 2005 | merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with magic_quotes_gpc disabled, allows remote attackers to include arbitrary local files via the md parameter, possibly due to a directory traversal vulnerability. |