CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10227 – affiliate-toolkit <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via atkp_product Shortcode
https://notcve.org/view.php?id=CVE-2024-10227
28 Oct 2024 — The affiliate-toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atkp_product shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento affiliate-toolkit para WordPress es vulner... • https://plugins.trac.wordpress.org/changeset/3174286 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5877 – affiliate-toolkit < 3.4.3 - Unauthenticated SSRF
https://notcve.org/view.php?id=CVE-2023-5877
11 Dec 2023 — The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private addresses, leading to a Server Side Request Forgery (SSRF) issue. El complemento affiliate-toolkit de WordPress anterior a 3.4.3 carece de autorización y autenticación para solicitudes a su endpoint afiliado-toolkit-starter/tools/atkp_ima... • https://wpscan.com/vulnerability/39ed4934-3d91-4924-8acc-25759fef9e81 • CWE-862: Missing Authorization CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46086 – WordPress affiliate-toolkit – WordPress Affiliate Plugin Plugin <= 3.4.3 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-46086
28 Nov 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin allows Reflected XSS.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.4.3. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ("cross-site Scripting") en SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin permite XSS reflejado. Este p... • https://patchstack.com/database/vulnerability/affiliate-toolkit-starter/wordpress-affiliate-toolkit-plugin-3-4-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45105 – WordPress affiliate-toolkit – WordPress Affiliate Plugin Plugin <= 3.3.9 is vulnerable to Open Redirection
https://notcve.org/view.php?id=CVE-2023-45105
06 Oct 2023 — URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9. Vulnerabilidad de redirección de URL a un sitio no confiable ("Open Redirect") en SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin. Este problema afecta a affiliate-toolkit – WordPress Affiliate Plugin: desde n/a hasta 3.3.9. The affiliate-toolkit – WordP... • https://patchstack.com/database/vulnerability/affiliate-toolkit-starter/wordpress-affiliate-toolkit-wordpress-affiliate-plugin-plugin-3-3-9-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23786 – WordPress affiliate-toolkit – WordPress Affiliate Plugin Plugin <= 3.3.3 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-23786
30 Mar 2023 — Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Christof Servit affiliate-toolkit plugin <= 3.3.3 versions. The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post settings in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whe... • https://patchstack.com/database/vulnerability/affiliate-toolkit-starter/wordpress-affiliate-toolkit-plugin-3-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •