Lucene search
WPScanCVELIST:CVE-2022-0818HistoryMar 28, 2022 - 5:23 p.m.
CVE-2022-0818 Coupon Affiliates < 4.16.4.5 - Unauthenticated Stored XSS
2022-03-2817:23:25
CWE-79
WPScan
www.cve.org
2
cve-2022-0818
coupon affiliates
unauthenticated stored xss
woocommerce affiliate plugin
wordpress plugin
EPSS
0.001
Percentile
45.7%
The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin.
CNA Affected
[
{
"product": "WooCommerce Affiliate Plugin – Coupon Affiliates",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.16.4.5",
"status": "affected",
"version": "4.16.4.5",
"versionType": "custom"
}
]
}
]Related
prion
prion
Cross site request forgery (csrf)
2022-03-28 18:15:00
nvd
nvd
CVE-2022-0818
2022-03-28 18:15:09
cve
cve
CVE-2022-0818
2022-03-28 18:15:09
patchstack
patchstack
cnvd
cnvd
WordPress WooCommerce Affiliate plugin跨站脚本漏洞
2022-03-30 00:00:00
wpvulndb
wpvulndb
Coupon Affiliates < 4.16.4.5 - Unauthenticated Stored XSS
2022-03-02 00:00:00
wpexploit
wpexploit
Coupon Affiliates < 4.16.4.5 - Unauthenticated Stored XSS
2022-03-02 00:00:00