3 matches found
CVE-2024-0859 Affiliates Manager <= 2.9.34 - Cross-Site Request Forgery
The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.34. This is due to missing or incorrect nonce validation on the processbulkaction function in ListAffiliatesTable.php. This makes it possible for unauthenticated...
CVE-2024-0859
CVE-2024-0859: The Affiliates Manager WordPress plugin is affected by CSRF due to missing/incorrect nonce validation in ListAffiliatesTable.php (process_bulk_action). Affected versions are up to 2.9.34. Unauthenticated attackers can delete affiliates via forged requests if they trick an admin. CV...
WordPress Affiliates Manager Plugin <= 2.9.34 is vulnerable to Cross Site Request Forgery (CSRF)
Software Affiliates Manager Type Plugin Vulnerable versions = 2.9.34 Fixed in 2.9.35 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0859 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3c596216f27c Credits Nathaniel Oh...