China National Vulnerability Database (CNVD): CNVD-2022-72701
Apr 27, 2022 - 12:00 a.m.

WordPress Plugin ThirstyAffiliates Affiliate Link Manager Authorization Issue Vulnerability

2022-04-27 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
6

EPSS: 0.001 (Low); percentile: 21.4%

WordPress is a blogging platform developed in PHP. It supports hosting personal blogging sites on PHP and MySQL servers.

An authorization issue vulnerability exists in versions of the WordPress plugin ThirstyAffiliates Affiliate Link Manager prior to 3.10.5. The vulnerability stems from the plugin's failure to perform authorization and CSRF checks when creating affiliate links. It allows any authenticated user (such as a subscriber) to create arbitrary affiliate links, which can then be used to redirect users to any website.
