Cross site scripting

2021-12-0218:15:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.3%

JSON

The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues

CPENameOperatorVersion
clickbank_affiliate_adsle1.20

CPE	Name	Operator	Version
	clickbank_affiliate_ads	le	1.20

References

packetstormsecurity.com/files/131814/

seclists.org/bugtraq/2015/May/45

wpscan.com/vulnerability/2bc3af7e-5542-40c4-8141-7c49e8df68f0