9 matches found
CVE-2023-23786
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Christof Servit affiliate-toolkit plugin <= 3.3.3 versions...
CVE-2024-10675
The affiliate-toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via a URL in all versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...
WordPress affiliate-toolkit Plugin <= 3.6.5 is vulnerable to Cross Site Scripting (XSS)
Software: affiliate-toolkit; Type: Plugin; Vulnerable versions: <= 3.6.5; Fixed in: 3.6.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10227; Patch priority: Low; CVSS severity: Low 6.5; PSID: 78a335fc5aaa; Credits: Peter Thaleikis...
WordPress affiliate-toolkit plugin <= 3.5.5 - Unauthenticated Full Path Disclosure vulnerability
Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin affiliate-toolkit versions <= 3.5.5...
WordPress affiliate-toolkit Plugin <= 3.4.5 is vulnerable to Cross Site Scripting (XSS)
Software: affiliate-toolkit; Type: Plugin; Vulnerable versions: <= 3.4.5; Fixed in: 3.4.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29817; Patch priority: Low; CVSS severity: Low 6.5; PSID: af7f576cd2e1; Credits: Ngô Thiên An ancorn from VNPT-VCI...
CVE-2023-5877
The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to its affiliate-toolkit-starter/tools/atkpimagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs, including RFC1918 private addresses, leading to a...
CVE-2023-5877 affiliate-toolkit < 3.4.3 - Unauthenticated SSRF
The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to its affiliate-toolkit-starter/tools/atkpimagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs, including RFC1918 private addresses, leading to a...
CVE-2023-23786
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Christof Servit affiliate-toolkit plugin <= 3.3.3 versions...
CVE-2023-23786
CVE-2023-23786 concerns the WordPress affiliate-toolkit plugin from Christof Servit, with a Stored XSS issue exploitable by users with Editor+ permissions in versions