NotCVE - vendor:"Thedark" product:"Auto Affiliate Links" version:" <= 6.4.3"

4 results (0.004 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-1843 – Auto Affiliate Links <= 6.4.3 - Missing Authorization via aalAddLink

https://notcve.org/view.php?id=CVE-2024-1843

11 Mar 2024 — The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or higher, to add arbitrary links to posts. El complemento Auto Affiliate Links para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función aalAddLink en todas la... • https://plugins.trac.wordpress.org/browser/wp-auto-affiliate-links/trunk/aal_ajax.php#L79 • CWE-862: Missing Authorization •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-47652 – WordPress Auto Affiliate Links Plugin <= 6.4.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

https://notcve.org/view.php?id=CVE-2023-47652

07 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links allows Stored XSS.This issue affects Auto Affiliate Links: from n/a through 6.4.2.4. La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Lucian Apostol Auto Affiliate Links permite almacenar XSS. Este problema afecta a Auto Affiliate Links: desde n/a hasta 6.4.2.4. The Auto Affiliate Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4.2.4. This is due to missi... • https://patchstack.com/database/vulnerability/wp-auto-affiliate-links/wordpress-auto-affiliate-links-plugin-6-4-2-3-csrf-lead-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-25973 – WordPress Auto Affiliate Links Plugin <= 6.3.0.2 is vulnerable to Cross Site Request Forgery (CSRF)

https://notcve.org/view.php?id=CVE-2023-25973

22 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3.0.2 versions. The Auto Affiliate Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.0.2. This is due to missing or incorrect nonce validation on the 'aalChangeOptions' function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such ... • https://patchstack.com/database/vulnerability/wp-auto-affiliate-links/wordpress-auto-affiliate-links-plugin-6-3-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-22689 – WordPress Auto Affiliate Links Plugin <= 6.3 is vulnerable to Broken Access Control

https://notcve.org/view.php?id=CVE-2023-22689

02 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions. The Auto Affiliate Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.0.1. This is due to missing or incorrect nonce validation on the aalDeleteLink() function. This makes it possible for unauthenticated attackers to delete links via a forged request granted they can trick a site administrator into performing an action such as clicking on a ... • https://patchstack.com/database/vulnerability/wp-auto-affiliate-links/wordpress-auto-affiliate-links-plugin-6-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •