CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46231 – WordPress affiliate-toolkit <= 3.7.3 - Cross Site Request Forgery (CSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2025-46231
22 Apr 2025 — Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Solutions affiliate-toolkit allows Cross Site Request Forgery. This issue affects affiliate-toolkit: from n/a through 3.7.3. La vulnerabilidad de Cross-Site Request Forgery (CSRF) en SERVIT Software Solutions affiliate-toolkit permite Cross-Site Request Forgery. Este problema afecta al kit de herramientas de afiliados desde la versión n/a hasta la 3.7.3. The affiliate-toolkit – WP Affiliate Plugin with Amazon plugin for WordPress is vulnerab... • https://patchstack.com/database/wordpress/plugin/affiliate-toolkit-starter/vulnerability/wordpress-affiliate-toolkit-3-7-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37205 – WordPress affiliate-toolkit plugin <= 3.4.4 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-37205
20 Jun 2024 — Insertion of Sensitive Information into Log File vulnerability in SERVIT Software Solutions.This issue affects affiliate-toolkit: from n/a through 3.4.4. Vulnerabilidad de inserción de información confidencial en un archivo de registro en SERVIT Software Solutions. Este problema afecta al kit de herramientas de afiliados: desde n/a hasta 3.4.4. The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.4 t... • https://patchstack.com/database/vulnerability/affiliate-toolkit-starter/wordpress-affiliate-toolkit-plugin-3-4-4-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29817 – WordPress affiliate-toolkit – WordPress Affiliate Plugin plugin <= 3.4.5 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29817
25 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit allows Stored XSS.This issue affects affiliate-toolkit: from n/a through 3.4.5. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en SERVIT Software Solutions affiliate-toolkit permite XSS almacenado. Este problema afecta el kit de herramientas afiliado: desde n/a hasta 3.4.5. The affiliate-t... • https://patchstack.com/database/vulnerability/affiliate-toolkit-starter/wordpress-affiliate-toolkit-wordpress-affiliate-plugin-plugin-3-4-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •