3 matches found
WordPress Affiliate Manager Plugin < 6.5.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Affiliate Manager Type Plugin Vulnerable versions 6.5.1 Fixed in 6.5.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5287 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 14d5b3c71416 Credits Bob Matyas Required...
CVE-2024-5287 WP Affiliate Platform < 6.5.1 - Profile Update via CSRF
The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in user change them via a CSRF attack...
CVE-2024-5287 WP Affiliate Platform < 6.5.1 - Profile Update via CSRF
The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in user change them via a CSRF attack...