
29 matches found

Patchstack
added 2026/02/02 8:4 a.m. | 5 views

WordPress WP Affiliate Platform plugin < 6.5.1 - Reflected XSS via Affiliate Editing vulnerability

Reflected XSS via Affiliate Editing vulnerability discovered by Bob Matyas in WordPress Plugin Affiliate Manager versions 6.5.1...

CVSS 6.1 | AI score 5.2 | EPSS 0.00244
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2026/02/02 8:4 a.m. | 4 views

WordPress WP Affiliate Platform plugin < 6.5.1 - Reflected XSS via Registration Form vulnerability

Reflected XSS via Registration Form vulnerability discovered by Bob Matyas in WordPress Plugin Affiliate Manager versions 6.5.1...

CVSS 6.1 | AI score 5.2 | EPSS 0.00396
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2026/02/02 8:3 a.m. | 4 views

WordPress WP Affiliate Platform plugin < 6.5.1 - Reflected XSS via Lead Editing vulnerability

Reflected XSS via Lead Editing vulnerability discovered by Bob Matyas in WordPress Plugin Affiliate Manager versions 6.5.1...

CVSS 6.1 | AI score 5.2 | EPSS 0.00244
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2026/02/02 8:2 a.m. | 4 views

WordPress WP Affiliate Platform plugin < 6.5.1 - Reflected XSS via Banner Editing vulnerability

Reflected XSS via Banner Editing vulnerability discovered by Bob Matyas in WordPress Plugin Affiliate Manager versions 6.5.1...

CVSS 4.8 | AI score 5.2 | EPSS 0.0017
Exploits: 1 | References: 1 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2005-4032

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00677
Exploits: 0 | References: 7
Patchstack
added 2024/07/29 6:33 a.m. | 2 views

WordPress WP Affiliate Platform plugin < 6.5.2 - Affiliate Deletion via CSRF vulnerability

Affiliate Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Affiliate Manager versions 6.5.2...

CVSS 5.5 | AI score 7 | EPSS 0.00149
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2024/07/29 12:0 a.m. | 6 views

WordPress Affiliate Manager Plugin < 6.5.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Affiliate Manager; Type: Plugin; Vulnerable versions: 6.5.2; Fixed in: 6.5.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-5285; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: f621215a2f69; Credits: Bob Matyas; Required...

CVSS 5.5 | AI score 6.7 | EPSS 0.00149
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack
added 2024/07/15 2:52 a.m. | 1 views

WordPress WP Affiliate Platform plugin < 6.5.1 - Profile Update via CSRF vulnerability

Profile Update via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Affiliate Manager versions 6.5.1...

CVSS 7.1 | AI score 7 | EPSS 0.00136
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2024/07/15 2:52 a.m. | 3 views

WordPress WP Affiliate Platform plugin < 6.5.1 - Stored XSS via CSRF vulnerability

Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Affiliate Manager versions 6.5.1...

CVSS 6.8 | AI score 6 | EPSS 0.00115
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2024/07/15 2:49 a.m. | 1 views

WordPress WP Affiliate Platform plugin < 6.5.1 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by caon in WordPress Plugin Affiliate Manager versions 6.5.1...

CVSS 4.7 | AI score 6.4 | EPSS 0.00209
Exploits: 1 | References: 1 | Affected Software: 1
Patchstack
added 2024/07/15 12:0 a.m. | 7 views

WordPress Affiliate Manager Plugin < 6.5.1 is vulnerable to Cross Site Scripting (XSS)

Software: Affiliate Manager; Type: Plugin; Vulnerable versions: 6.5.1; Fixed in: 6.5.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5280; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 0fe8966b39d9; Credits: caon; Required...

CVSS 4.7 | AI score 5.7 | EPSS 0.00209
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack
added 2024/07/15 12:0 a.m. | 11 views

WordPress Affiliate Manager Plugin < 6.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Affiliate Manager; Type: Plugin; Vulnerable versions: 6.5.1; Fixed in: 6.5.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-5287; Patch priority: Low; CVSS severity: Low (5.4); Developer: Claim ownership; PSID: 14d5b3c71416; Credits: Bob Matyas; Required...

CVSS 7.1 | AI score 6.7 | EPSS 0.00136
Exploits: 1 | References: 3 | Affected Software: 1
Patchstack
added 2024/07/15 12:0 a.m. | 7 views

WordPress Affiliate Manager Plugin < 6.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Affiliate Manager; Type: Plugin; Vulnerable versions: 6.5.1; Fixed in: 6.5.1; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-5284; Patch priority: Low; CVSS severity: Low (7.1); Developer: Claim ownership; PSID: f0487dd08240; Credits: Bob Matyas; Required...

CVSS 6.8 | AI score 6.7 | EPSS 0.00115
Exploits: 1 | References: 3 | Affected Software: 1
CNNVD
added 2022/09/16 12:0 a.m. | 3 views

WordPress plugin Affiliates Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogging sites on PHP and MySQL servers. A security vulnerability exists in the WordPres...

CVSS 8 | AI score 7.7 | EPSS 0.00916
Exploits: 2 | References: 2
CNVD
added 2022/01/26 12:0 a.m. | 14 views

WordPress affiliate Manager WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the WordPress plugin Affiliates Manager prior to...

CVSS 4.3 | AI score 2.1 | EPSS 0.05009
Exploits: 2 | Affected Software: 1
WPVulnDB
added 2021/10/11 12:0 a.m. | 19 views

Affiliate Manager < 2.8.7 - Admin+ SQL injection

The plugin does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL Injection issue. PoC: POST /wp-admin/admin.php?page=wpam-affiliates=exportdata=if=0,1,SLEEP10 HTTP/1.1 Accept:...

CVSS 7.2 | AI score 2.2 | EPSS 0.00567
Exploits: 2 | References: 2 | Affected Software: 1
wpexploit
added 2021/10/11 12:0 a.m. | 741 views

Affiliate Manager < 2.8.7 - Admin+ SQL injection

The plugin does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL Injection issue. POST /wp-admin/admin.php?page=wpam-affiliates&tab=exportdata&orderby=if&order=0,1,SLEEP10 HTTP/1.1 Accept:...

CVSS 7.2 | AI score 2.1 | EPSS 0.00567
Exploits: 2 | References: 2
wpexploit
added 2020/09/14 12:0 a.m. | 13 views

Affiliate Manager < 2.7.8 - Unauthenticated Stored Cross-Site Scripting (XSS)

The plugin does not properly validate and sanitise data passed to the affiliate-register form, allowing unauthenticated users to set XSS payloads in some of its fields. The payloads are then triggered when privileged users, such as an admin, view the created affiliate in the backend. As an...

AI score 1.2
Exploits: 0 | References: 1
WPVulnDB
added 2020/09/14 12:0 a.m. | 12 views

Affiliate Manager < 2.7.8 - Unauthenticated Stored Cross-Site Scripting (XSS)

The plugin does not properly validate and sanitise data passed to the affiliate-register form, allowing unauthenticated users to set XSS payloads in some of its fields. The payloads are then triggered when privileged users, such as an admin, view the created affiliate in the backend. PoC: As ...

AI score 3.9
Exploits: 0 | References: 1 | Affected Software: 1
WPVulnDB
added 2014/08/01 10:59 a.m. | 14 views

WP Affiliate Manager - login.php msg Parameter XSS

The wp-affiliate-platform WordPress plugin was affected by a login.php msg Parameter XSS security vulnerability...

AI score 3
Exploits: 0 | References: 1 | Affected Software: 1