cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-5285,https://securityvulnerability.io/vulnerability/CVE-2024-5285,CSRF Vulnerability in WordPress Plugin Could Allow User Deletion,"The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF attack",Wordpress,WP-affiliate-platform,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-29T06:00:01.890Z,0
CVE-2024-5287,https://securityvulnerability.io/vulnerability/CVE-2024-5287,WordPress Plugin Vulnerability Allows CSRF Attacks on Logged-In Users,"The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in user change them via a CSRF attack",Wordpress,WP-affiliate-platform,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-13T06:00:11.336Z,0
CVE-2024-5286,https://securityvulnerability.io/vulnerability/CVE-2024-5286,Cross-Site Scripting Vulnerability in WordPress wp-affiliate-platform Plugin,"The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,WP-affiliate-platform,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-13T06:00:11.139Z,0
CVE-2024-5284,https://securityvulnerability.io/vulnerability/CVE-2024-5284,Logged-in Admin Stored XSS Vulnerability,"The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack",Wordpress,WP-affiliate-platform,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-13T06:00:10.957Z,0
CVE-2024-5283,https://securityvulnerability.io/vulnerability/CVE-2024-5283,WordPress Plugin Vulnerability: Reflected Cross-Site Scripting Flaw,"The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,WP-affiliate-platform,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-13T06:00:10.758Z,0
CVE-2024-5282,https://securityvulnerability.io/vulnerability/CVE-2024-5282,Cross-Site Scripting Vulnerability in WordPress' wp-affiliate-platform Plugin,"The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,WP-affiliate-platform,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-13T06:00:10.553Z,0
CVE-2024-5281,https://securityvulnerability.io/vulnerability/CVE-2024-5281,WordPress Plugin Vulnerable to Reflected Cross-Site Scripting,"The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,WP-affiliate-platform,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-13T06:00:10.359Z,0
CVE-2024-5280,https://securityvulnerability.io/vulnerability/CVE-2024-5280,WordPress Plugin Vulnerability Leaves Non-Logged in Users Susceptible to XSS Attacks,"The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make non-logged in users execute an XSS payload via a CSRF attack",Wordpress,WP-affiliate-platform,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-13T06:00:10.160Z,0
CVE-2022-3898,https://securityvulnerability.io/vulnerability/CVE-2022-3898,Cross-Site Request Forgery in WP Affiliate Platform Plugin for WordPress,"The WP Affiliate Platform plugin for WordPress exhibits a Cross-Site Request Forgery vulnerability due to improper nonce validation in several functions, notably in the affiliates_menu method. This flaw permits unauthenticated attackers to execute unauthorized actions, such as deleting affiliate records, by exploiting a trust relationship to deceive an administrator into inadvertently triggering a malicious request.",Wordpress,WP Affiliate Platform,8.8,HIGH,0.0005699999746866524,false,,false,false,false,,false,false,2022-11-29T20:42:19.502Z,0
CVE-2022-3897,https://securityvulnerability.io/vulnerability/CVE-2022-3897,Stored Cross-Site Scripting in WP Affiliate Platform Plugin by WordPress,"The WP Affiliate Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping in multiple parameters. Authenticated attackers with administrator-level access can exploit this vulnerability to inject arbitrary scripts into webpages. These scripts execute whenever a user views the compromised pages, potentially leading to unauthorized access and data theft.",Wordpress,WP Affiliate Platform,5.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-11-29T20:42:01.833Z,0
CVE-2022-3896,https://securityvulnerability.io/vulnerability/CVE-2022-3896,Reflected Cross-Site Scripting in WP Affiliate Platform Plugin for WordPress,"The WP Affiliate Platform plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This vulnerability allows unauthenticated attackers to inject malicious web scripts via manipulated URLs, which could execute on the user’s browser if they interact with a crafted link. While modern browser security features may mitigate the risk, the potential for exploitation remains significant.",Wordpress,WP Affiliate Platform,6.1,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2022-11-29T20:41:47.681Z,0