VYPR

Wp Affiliate Platform

by WordPress

CVEs (11)

  • CVE-2022-3898HigNov 29, 2022
    risk 0.57cvss 8.8epss 0.00

    The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliates_menu method. This makes it possible for…

  • CVE-2022-3896MedNov 29, 2022
    risk 0.40cvss 6.1epss 0.01

    The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER["REQUEST_URI"] in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…

  • CVE-2022-3897MedNov 29, 2022
    risk 0.36cvss 5.5epss 0.01

    The WP Affiliate Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2024-5285Jul 29, 2024
    risk 0.00cvss epss 0.00

    The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF attack

  • CVE-2024-5287Jul 13, 2024
    risk 0.00cvss epss 0.00

    The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in user change them via a CSRF attack

  • CVE-2024-5286Jul 13, 2024
    risk 0.00cvss epss 0.00

    The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

  • CVE-2024-5284Jul 13, 2024
    risk 0.00cvss epss 0.00

    The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

  • CVE-2024-5283Jul 13, 2024
    risk 0.00cvss epss 0.00

    The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

  • CVE-2024-5282Jul 13, 2024
    risk 0.00cvss epss 0.00

    The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

  • CVE-2024-5281Jul 13, 2024
    risk 0.00cvss epss 0.00

    The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

  • CVE-2024-5280Jul 13, 2024
    risk 0.00cvss epss 0.00

    The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make non-logged in users execute an XSS payload via a CSRF attack