Feb 05, 2024 - 9:21 p.m.

CVE-2024-0859

2024-02-05 21:21:42
Wordfence
raw.githubusercontent.com
Tags: affiliates manager, wordpress, cross-site request forgery, nonce validation, listaffiliatestable.php, unauthenticated attackers, site administrator

AI Score: 6.3 Medium (Confidence: Low)

EPSS: 0.001 Low (Percentile: 27.9%)

The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.34. This is due to missing or incorrect nonce validation on the process_bulk_action function in ListAffiliatesTable.php. This makes it possible for unauthenticated attackers to delete affiliates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
