EUVD-2024-43506

Malicious code in bioql PyPI...

EUVD-2022-43233

Malicious code in bioql PyPI...

CVE-2024-5283

The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-5281

The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-5286

The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-5282

The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2022-3896

The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $SERVER"REQUESTURI" in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2022-3898

The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliatesmenu method. This makes it possible for unauthenticated attackers t...

CVE-2024-49645

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ilias Gomatos Affiliate Platform smdp-affiliate-platform allows Reflected XSS.This issue affects Affiliate Platform: from n/a through = 1.4.8...

CVE-2024-49645

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ilias Gomatos Affiliate Platform allows Reflected XSS.This issue affects Affiliate Platform: from n/a through 1.4.8...

CVE-2024-49645

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ilias Gomatos Affiliate Platform smdp-affiliate-platform allows Reflected XSS.This issue affects Affiliate Platform: from n/a through = 1.4.8...

CVE-2024-49645 WordPress Affiliate Platform plugin <= 1.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ilias Gomatos Affiliate Platform smdp-affiliate-platform allows Reflected XSS.This issue affects Affiliate Platform: from n/a through = 1.4.8...

CVE-2024-49645 WordPress Affiliate Platform plugin <= 1.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ilias Gomatos Affiliate Platform allows Reflected XSS.This issue affects Affiliate Platform: from n/a through 1.4.8...

CVE-2024-49645

CVE-2024-49645 : Reflected Cross-Site Scripting in the WordPress plugin “Affiliate Platform” (smdp-affiliate-platform) versions

WordPress plugin Affiliate Platform 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2024-33598 · Unknown · Ilias Gomatos Affiliate Platform

Name of the Vulnerable Software and Affected Versions: Ilias Gomatos Affiliate Platform versions 1.4.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS attacks...

WordPress Affiliate Platform plugin <= 1.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Affiliate Platform versions = 1.4.8...

WordPress Affiliate Platform Plugin <= 1.4.8 is vulnerable to Cross Site Scripting (XSS)

Software Affiliate Platform Type Plugin Vulnerable versions = 1.4.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49645 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e63013ed9d44 Credits Mika Required privilege...

CVE-2024-5285

The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF attack...

CVE-2024-5285 WP Affiliate Platform < 6.5.2 - Affiliate Deletion via CSRF

The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF attack...