2 matches found
CVE-2024-5285 WP Affiliate Platform < 6.5.2 - Affiliate Deletion via CSRF
The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF attack...
WordPress Affiliate Manager Plugin < 6.5.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Affiliate Manager Type Plugin Vulnerable versions 6.5.2 Fixed in 6.5.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5285 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f621215a2f69 Credits Bob Matyas Required...