Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5
CVE-2025-8877
- EPSS 0.1%
- Veröffentlicht 30.09.2025 11:37:46
- Zuletzt bearbeitet 02.10.2025 19:12:42
The AffiliateWP plugin for WordPress is vulnerable to SQL Injection via the ajax_get_affiliate_id_from_login function in all versions up to, and including, 2.28.2 due to insufficient escaping on the user supplied parameter and lack of sufficient prep...
4.8
CVE-2024-5286
- EPSS 0.09%
- Veröffentlicht 13.07.2024 06:15:04
- Zuletzt bearbeitet 19.05.2025 14:59:35
The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
4.3
CVE-2023-4600
- EPSS 0.07%
- Veröffentlicht 30.08.2023 12:15:09
- Zuletzt bearbeitet 21.11.2024 08:35:31
The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwp_activate_addons_page_plugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it p...
1