CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 Jan 2024 — The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.34. This is due to missing or incorrect nonce validation on the process_bulk_action function in ListAffiliatesTable.php. This makes it possible for unauthenticated attackers to delete affiliates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/affiliates-manager/trunk/classes/ListAffiliatesTable.php • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Dec 2023 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager. This issue affects Affiliates Manager: from n/a through 2.9.30. The Affiliates Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and includin... • https://patchstack.com/database/vulnerability/affiliates-manager/wordpress-affiliates-manager-plugin-2-9-30-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager. This issue affects Affiliates Manager: from n/a through 2.9.31. The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.31. This is due to missing or incorrect nonce validation... • https://patchstack.com/database/vulnerability/affiliates-manager/wordpress-affiliates-manager-plugin-2-9-31-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin <= 2.9.20 versions. The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.20. This is due to missing nonce validation on the process_bulk_action() function. This makes it possible for unauthenticated attackers to perform bulk modifications of commissions and clicks via a forged request granted they can trick a site administrator into ... • https://patchstack.com/database/vulnerability/affiliates-manager/wordpress-affiliates-manager-plugin-2-9-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

16 Aug 2022 — The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data. The Affilia... • https://wpscan.com/vulnerability/f169567d-c682-4abe-94df-a9d00be90edd • CWE-1236: Improper Neutralization of Formula Elements in a CSV File

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

16 Aug 2022 — The Affiliates Manager WordPress plugin before 2.9.14 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. • https://wpscan.com/vulnerability/4385370e-cf99-4249-b2c1-90cbfa8378a4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Dec 2021 — The Affiliates Manager WordPress plugin before 2.9.0 does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests. • https://plugins.trac.wordpress.org/changeset/2648196 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

11 Oct 2021 — The Affiliates Manager WordPress plugin before 2.8.7 does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL Injection issue. • https://plugins.trac.wordpress.org/changeset/2611862 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 May 2019 — The affiliates-manager plugin before 2.6.6 for WordPress has CSRF. The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 2.6.6. This makes it possible for unauthenticated attackers to perform unspecified modifications to the plugin settings granted they can trick a site administrator into performing an action such as clicking on a link. ... • https://wordpress.org/plugins/affiliates-manager/#developers • CWE-352: Cross-Site Request Forgery (CSRF)