3 matches found
CVE-2024-5864
The Easy Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eaflresetsettings AJAX action in all versions up to, and including, 3.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-5864 Easy Affiliate Links <= 3.7.3 - Missing Authorization to Authenticated (Subscriber+) Settings Reset
The Easy Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eaflresetsettings AJAX action in all versions up to, and including, 3.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and...
WordPress Easy Affiliate Links Plugin <= 3.7.3 is vulnerable to Broken Access Control
Software Easy Affiliate Links Type Plugin Vulnerable versions = 3.7.3 Fixed in 3.7.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5864 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 72170cb45e64 Credits Lucio Sá Required privile...