Caseproof

Thirstyaffiliates Affiliate Link Manager

3 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 0.07%
  • Published 25.04.2022 16:16:07
  • Last modified 21.11.2024 06:38:32

The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as a subscriber, to create arbitrary affiliate links, w...

Exploit
  • EPSS 0.07%
  • Published 25.04.2022 16:16:07
  • Last modified 21.11.2024 06:39:04

The ThirstyAffiliates WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subscriber) to add an image from an external URL to an affiliate link. Furthe...

Exploit
  • EPSS 0.33%
  • Published 18.03.2021 15:15:13
  • Last modified 21.11.2024 05:52:24

Unvalidated input and a lack of output encoding made the ThirstyAffiliates Affiliate Link Manager WordPress plugin, versions before 3.9.3, vulnerable to authenticated Stored Cross-Site Scripting (XSS), which could lead to privilege escalation.