2 matches found
CVE-2022-0634
The ThirstyAffiliates WordPress plugin before 3.10.5 lacks authorization checks in the tainsertexternalimage action, allowing a low-privilege user with a role as low as Subscriber to add an image from an external URL to an affiliate link. Further the plugin lacks csrf checks, allowing an attacker...
CVE-2022-0634
The CVE concerns the ThirstyAffiliates WordPress plugin prior to 3.10.5, where ta_insert_external_image lacks proper authorization checks and CSRF protection. This enables a low-privilege user (e.g., Subscriber) to attach an image from an external URL to an affiliate link, potentially affecting l...