VYPR

Post Affiliate Pro

by Post Affiliate Pro

CVEs (5)

  • CVE-2026-2290LowMar 21, 2026
    risk 0.25cvss 3.8epss 0.00

    The Post Affiliate Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.28.0. This makes it possible for authenticated attackers, with Administrator-level access, to make web requests to initiate arbitrary outbound…

  • CVE-2008-5630Dec 17, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 3 and 3.1.4 allows remote attackers to execute arbitrary SQL commands via the umprof_status parameter.

  • CVE-2008-4602Oct 18, 2008
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in index.php in Post Affiliate Pro 2.0 allows remote authenticated users to read and possibly execute arbitrary local files via a .. (dot dot) in the md parameter.

  • CVE-2005-3909Nov 30, 2005
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the sortorder parameter.

  • CVE-2005-3910Nov 30, 2005
    risk 0.00cvss epss 0.01

    merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with magic_quotes_gpc disabled, allows remote attackers to include arbitrary local files via the md parameter, possibly due to a directory traversal vulnerability.