Tipsandtricks-hq

Wp Affiliate Platform

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2024-5285

Exploit
  • EPSS 0.1%
  • Veröffentlicht 29.07.2024 06:15:02
  • Zuletzt bearbeitet 07.07.2025 18:05:35

The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF attack

4.7

CVE-2024-5280

Exploit
  • EPSS 0.21%
  • Veröffentlicht 13.07.2024 06:15:04
  • Zuletzt bearbeitet 19.05.2025 14:58:18

The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make non-logged in users execute an XSS payload via a CSRF attack

6.1

CVE-2024-5281

Exploit
  • EPSS 0.24%
  • Veröffentlicht 13.07.2024 06:15:04
  • Zuletzt bearbeitet 19.05.2025 14:58:35

The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1

CVE-2024-5282

Exploit
  • EPSS 0.4%
  • Veröffentlicht 13.07.2024 06:15:04
  • Zuletzt bearbeitet 19.05.2025 14:58:47

The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1

CVE-2024-5283

Exploit
  • EPSS 0.32%
  • Veröffentlicht 13.07.2024 06:15:04
  • Zuletzt bearbeitet 19.05.2025 14:59:01

The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.8

CVE-2024-5284

Exploit
  • EPSS 0.09%
  • Veröffentlicht 13.07.2024 06:15:04
  • Zuletzt bearbeitet 19.05.2025 14:59:16

The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

4.8

CVE-2024-5286

Exploit
  • EPSS 0.09%
  • Veröffentlicht 13.07.2024 06:15:04
  • Zuletzt bearbeitet 19.05.2025 14:59:35

The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

7.1

CVE-2024-5287

Exploit
  • EPSS 0.08%
  • Veröffentlicht 13.07.2024 06:15:04
  • Zuletzt bearbeitet 19.05.2025 14:59:51

The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in user change them via a CSRF attack

6.1

CVE-2022-3896

  • EPSS 2.66%
  • Veröffentlicht 29.11.2022 21:15:11
  • Zuletzt bearbeitet 20.08.2025 13:03:49

The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER["REQUEST_URI"] in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for ...

4.8

CVE-2022-3897

  • EPSS 0.24%
  • Veröffentlicht 29.11.2022 21:15:11
  • Zuletzt bearbeitet 20.08.2025 13:03:49

The WP Affiliate Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenti...