Unauthorized Image Upload + CSRF vulnerabilities discovered by Muhamad Hidayat in WordPress ThirstyAffiliates Affiliate Link Manager plugin (versions <= 3.10.4).
Update the WordPress ThirstyAffiliates Affiliate Link Manager plugin to the latest available version (at least 3.10.5).