62 matches found
CVE-2026-2290
The Post Affiliate Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.28.0. This makes it possible for authenticated attackers, with Administrator-level access, to make web requests to initiate arbitrary outbound requests from the...
WordPress Post Affiliate Pro plugin <= 1.28.0 - Authenticated (Administrator+) Server-Side Request Forgery via 'Post Affiliate Pro URL' Field vulnerability
Authenticated Administrator+ Server-Side Request Forgery via 'Post Affiliate Pro URL' Field vulnerability discovered by Phap Nguyen Anh - FIS in WordPress Plugin Post Affiliate Pro versions = 1.28.0...
EUVD-2026-13997
The Post Affiliate Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.28.0. This makes it possible for authenticated attackers, with Administrator-level access, to make web requests to initiate arbitrary outbound requests from the...
CVE-2026-2290
The Post Affiliate Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.28.0. This makes it possible for authenticated attackers, with Administrator-level access, to make web requests to initiate arbitrary outbound requests from the...
CVE-2026-2290 Post Affiliate Pro <= 1.28.0 - Authenticated (Administrator+) Server-Side Request Forgery via 'Post Affiliate Pro URL' Field
The Post Affiliate Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.28.0. This makes it possible for authenticated attackers, with Administrator-level access, to make web requests to initiate arbitrary outbound requests from the...
CVE-2026-2290
CVE-2026-2290 : The WordPress plugin Post Affiliate Pro (for WordPress) is affected by a Server-Side Request Forgery in all versions up to and including 1.28.0. Exploitation requires Administrator-level access and allows the attacker to trigger web requests from the application and read the respo...
CVE-2026-2290
The Post Affiliate Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.28.0. This makes it possible for authenticated attackers, with Administrator-level access, to make web requests to initiate arbitrary outbound requests from the...
CVE-2026-2290 Post Affiliate Pro <= 1.28.0 - Authenticated (Administrator+) Server-Side Request Forgery via 'Post Affiliate Pro URL' Field
The Post Affiliate Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.28.0. This makes it possible for authenticated attackers, with Administrator-level access, to make web requests to initiate arbitrary outbound requests from the...
WordPress plugin Post Affiliate Pro 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-26831
The Post Affiliate Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.28.0. This makes it possible for authenticated attackers, with Administrator-level access, to make web requests to initiate arbitrary outbound requests from the...
EUVD-2005-3904
Malware in sbrugna...
EUVD-2005-3905
Malware in sbrugna...
EUVD-2012-2686
Malware in sbrugna...
EUVD-2012-3749
Malware in sbrugna...
EUVD-2008-4582
Malware in sbrugna...
EUVD-2008-5604
Malware in sbrugna...
EUVD-2023-42298
Malicious code in bioql PyPI...
Post Affiliate Pro <= 1.26.6 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-38482
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in QualityUnit Post Affiliate Pro plugin = 1.25.0 versions...
CVE-2023-38482
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in QualityUnit Post Affiliate Pro plugin = 1.25.0 versions...