5 matches found
CVE-2024-5285
The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF attack...
WordPress WP Affiliate Platform plugin < 6.5.2 - Affiliate Deletion via CSRF vulnerability
Affiliate Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Affiliate Manager versions 6.5.2...
CVE-2024-5285
The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF attack...
CVE-2024-5285 WP Affiliate Platform < 6.5.2 - Affiliate Deletion via CSRF
The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF attack...
CVE-2006-4895
IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to delete arbitrary affiliates via a modified id parameter to delete.php...