CVE-2024-12336

The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'exportalldata' function in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers, with...

WordPress WC Affiliate plugin < 2.4 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WC Affiliate versions 2.4...

CVE-2024-12321

The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-12321

The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-12321

CVE-2024-12321 : The WC Affiliate WordPress plugin (versions up to 2.3.9) does not sanitize/escape a user-controlled parameter before echoing it in a page, enabling a reflected Cross-Site Scripting vulnerability. Impact is described as potentially actionable against high-privilege users such as a...

WordPress plugin WC Affiliate 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...