CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43962 – WordPress LWS Affiliation plugin <= 2.3.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-43962
26 Aug 2024 — Missing Authorization vulnerability in LWS LWS Affiliation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LWS Affiliation: from n/a through 2.3.4. The LWS Affiliation plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/lws-affiliation/wordpress-lws-affiliation-plugin-2-3-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32297 – WordPress LWS Affiliation plugin <= 2.2.6 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2023-32297
24 Jul 2023 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LWS LWS Affiliation allows PHP Local File Inclusion.This issue affects LWS Affiliation: from n/a through 2.2.6. Limitación incorrecta de una vulnerabilidad de nombre de ruta a un directorio restringido ("Path Traversal") en LWS LWS Affiliation permite la inclusión de archivos locales PHP. Este problema afecta a LWS Affiliation: desde n/a hasta 2.2.6. The LWS Affiliation plugin for WordPress is vulnerable to Remot... • https://patchstack.com/database/vulnerability/lws-affiliation/wordpress-lws-affiliation-plugin-2-2-6-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •