3 matches found
CVE-2024-1843
The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or higher, to add...
CVE-2024-1843 Auto Affiliate Links <= 6.4.3 - Missing Authorization via aalAddLink
The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or higher, to add...
WordPress Auto Affiliate Links Plugin <= 6.4.3 is vulnerable to Broken Access Control
Software Auto Affiliate Links Type Plugin Vulnerable versions = 6.4.3 Fixed in 6.4.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1843 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 446cb40c7edd Credits Lucio Sá Required...