3 matches found
CVE-2024-5282
The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-5282 WP Affiliate Platform < 6.5.1 - Reflected XSS via Registration Form
The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-5282
CVE-2024-5282 — wp-affiliate-platform prior to 6.5.1 allows reflected XSS by not sanitizing/escaping a parameter before echoing it. Impact targets high-privilege users (admin). Remediation: upgrade to version 6.5.1 or later (patched). References across connected feeds corroborate the reflected XS...