Lucene search
China National Vulnerability DatabaseCNVD-2023-06534HistoryApr 27, 2022 - 12:00 a.m.
WordPress plugin ThirstyAffiliates Affiliate Link Manager licensing issue vulnerability (CNVD-2023-06534)
2022-04-2700:00:00
China National Vulnerability Database
www.cnvd.org.cn
12
wordpress
thirstyaffiliates
affiliate link manager
licensing issue
vulnerability
php
authorization checks
security
low privilege attacker
external url
image
EPSS
0.001
Percentile
21.2%
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin ThirstyAffiliates Affiliate Link Manager 3.10.5 previously had a security vulnerability that stemmed from the plugin’s lack of authorization checks in the ta_ insert_external_image operation, a low privilege attacker could exploit the vulnerability to add an image from an external URL to an affiliate link.
Related
cvelist
cvelist
nvd
nvd
CVE-2022-0634
2022-04-25 16:16:07
prion
prion
Cross site request forgery (csrf)
2022-04-25 16:16:00
patchstack
patchstack
wpvulndb
wpvulndb
ThirstyAffiliates < 3.10.5 - Subscriber+ unauthorized image upload + CSRF
2022-03-31 00:00:00
wpexploit
wpexploit
ThirstyAffiliates < 3.10.5 - Subscriber+ unauthorized image upload + CSRF
2022-03-31 00:00:00
cve
cve
CVE-2022-0634
2022-04-25 16:16:07