3 matches found
CVE-2022-3898
The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliatesmenu method. This makes it possible for unauthenticated attackers t...
CVE-2022-3898 WP Affiliate Platform <= 6.3.9 - Cross-Site Request Forgery
The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliatesmenu method. This makes it possible for unauthenticated attackers t...
CVE-2022-3898
CVE-2022-3898 affects the WordPress WP Affiliate Platform plugin (versions up to 6.3.9). The root cause is missing or incorrect nonce validation on multiple functions, including the affiliates_menu method, enabling CSRF. This can allow unauthenticated attackers to delete affiliate records by tric...