CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8478 – Affiliate Super Assistent <= 1.5.3 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-8478
09 Sep 2024 — The The Affiliate Super Assistent plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.5.3. This is due to the software allowing users to supply arbitrary shortcodes in comments when the 'Parse comments' option is enabled. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/amazonsimpleadmin/trunk/AsaCore.php#L285 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27417 – WordPress Affiliate Super Assistent Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-27417
08 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Timo Reith Affiliate Super Assistent plugin <= 1.5.1 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Timo Reith Affiliate Super Assistent en versiones <= 1.5.1. The Affiliate Super Assistent plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on several functions such as the '_displayPreDispatcher', '_displayDispatche... • https://patchstack.com/database/vulnerability/amazonsimpleadmin/wordpress-affiliate-super-assistent-plugin-1-5-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •