WordPress is a set of blogging platform developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers.An authorization issue vulnerability exists in versions of the WordPress plugin ThirstyAffiliates Affiliate Link Manager prior to 3.10.5. The vulnerability stems from the plugin’s failure to perform authorization and CSRF checks when creating affiliate links, which could be used by an attacker to The vulnerability allows any authenticated user (such as a subscriber) to create arbitrary affiliate links, which can then be used to redirect the user to any website.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress thirstyaffiliates affiliate link manager plugin | lt | 3.10.5 |