VYPR

Affiliate Links Manager

by WordPress

Source repositories

CVEs (5)

  • CVE-2022-2798HigSep 16, 2022
    risk 0.52cvss 8.0epss 0.01

    The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data

  • CVE-2025-27273MedMar 3, 2025
    risk 0.38cvss 5.8epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in winking Affiliate Links Manager affiliate-links-manager allows Reflected XSS.This issue affects Affiliate Links Manager: from n/a through <= 1.0.

  • CVE-2022-0398MedApr 25, 2022
    risk 0.35cvss 5.4epss 0.00

    The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to…

  • CVE-2021-25078MedJan 24, 2022
    risk 0.33cvss 6.1epss 0.02

    The Affiliates Manager WordPress plugin before 2.9.0 does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests.

  • CVE-2022-2799MedSep 16, 2022
    risk 0.31cvss 4.8epss 0.01

    The Affiliates Manager WordPress plugin before 2.9.14 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.