Affiliate Toolkit Starter
by WordPress
Source repositories
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-5877 | Cri | 0.64 | 9.8 | 0.01 | Jan 1, 2024 | The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private… | ||
| CVE-2026-6169 | Hig | 0.47 | 7.2 | 0.01 | May 27, 2026 | The affiliate-toolkit plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 3.8.5. This is due to the plugin using the BladeOne templating engine's runString() method which compiles user-supplied template content into PHP code and… | ||
| CVE-2024-29817 | Med | 0.42 | 6.5 | 0.00 | Mar 27, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit allows Stored XSS.This issue affects affiliate-toolkit: from n/a through 3.4.5. | ||
| CVE-2024-10675 | Med | 0.40 | 6.1 | 0.00 | Nov 21, 2024 | The affiliate-toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via a URL in all versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary… | ||
| CVE-2025-46231 | Med | 0.35 | 5.4 | 0.00 | Apr 22, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Solutions affiliate-toolkit affiliate-toolkit-starter allows Cross Site Request Forgery.This issue affects affiliate-toolkit: from n/a through <= 3.7.3. | ||
| CVE-2024-10227 | Med | 0.35 | 6.4 | 0.00 | Oct 29, 2024 | The affiliate-toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atkp_product shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it… | ||
| CVE-2024-6562 | Med | 0.34 | 5.3 | 0.01 | Aug 12, 2024 | The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.5. This is due display_errors being set to true . This makes it possible for unauthenticated attackers to retrieve the full… | ||
| CVE-2024-37205 | Med | 0.34 | 5.3 | 0.00 | Jul 10, 2024 | Insertion of Sensitive Information into Log File vulnerability in SERVIT Software Solutions.This issue affects affiliate-toolkit: from n/a through 3.4.4. |
- risk 0.64cvss 9.8epss 0.01
The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private…
- risk 0.47cvss 7.2epss 0.01
The affiliate-toolkit plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 3.8.5. This is due to the plugin using the BladeOne templating engine's runString() method which compiles user-supplied template content into PHP code and…
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit allows Stored XSS.This issue affects affiliate-toolkit: from n/a through 3.4.5.
- risk 0.40cvss 6.1epss 0.00
The affiliate-toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via a URL in all versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary…
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Solutions affiliate-toolkit affiliate-toolkit-starter allows Cross Site Request Forgery.This issue affects affiliate-toolkit: from n/a through <= 3.7.3.
- risk 0.35cvss 6.4epss 0.00
The affiliate-toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atkp_product shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…
- risk 0.34cvss 5.3epss 0.01
The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.5. This is due display_errors being set to true . This makes it possible for unauthenticated attackers to retrieve the full…
- risk 0.34cvss 5.3epss 0.00
Insertion of Sensitive Information into Log File vulnerability in SERVIT Software Solutions.This issue affects affiliate-toolkit: from n/a through 3.4.4.