WordPress Affiliate Program Suite — SliceWP Affiliates plugin <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin SliceWP versions = 1.2.7...

CVE-2023-45105

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9...

CVE-2024-2298

The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkpimportproduct function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level...

CVE-2025-14734

CVE-2025-14734 concerns the Amazon affiliate lite Plugin for WordPress. The vulnerability is a Cross-Site Request Forgery (CSRF) affecting all versions up to 1.0.0, caused by missing or incorrect nonce validation in the ADAL_settings_page function. This enables unauthenticated attackers to update...

EUVD-2024-27253

Malicious code in bioql PyPI...

EUVD-2023-50347

Malicious code in bioql PyPI...

EUVD-2023-49426

Malicious code in bioql PyPI...

EUVD-2024-54084

Malicious code in bioql PyPI...

EUVD-2024-52074

Malicious code in bioql PyPI...

EUVD-2023-32610

Malicious code in bioql PyPI...

EUVD-2024-47634

Malicious code in bioql PyPI...

EUVD-2024-17576

Malicious code in bioql PyPI...

EUVD-2025-12014

Malicious code in bioql PyPI...

EUVD-2022-15868

Malicious code in bioql PyPI...

EUVD-2024-50781

Malicious code in bioql PyPI...

CVE-2024-1851

The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkpcreatelist function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level acce...

CVE-2024-6562

The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.5. This is due displayerrors being set to true . This makes it possible for unauthenticated attackers to retrieve the full path of the web...

CVE-2023-28992

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Elliot Sowersby, RelyWP Coupon Affiliates – WooCommerce Affiliate Plugin plugin = 5.4.3 versions...

CVE-2023-30475

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Elliot Sowersby, RelyWP WooCommerce Affiliate Plugin – Coupon Affiliates plugin = 5.4.5 versions...

WordPress plugin WC Affiliate 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...