2 matches found
CVE-2024-8478 Affiliate Super Assistent <= 1.5.3 - Unauthenticated Arbitrary Shortcode Execution
The The Affiliate Super Assistent plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.5.3. This is due to the software allowing users to supply arbitrary shortcodes in comments when the 'Parse comments' option is enabled. This makes it...
WordPress Affiliate Super Assistent Plugin <= 1.5.3 is vulnerable to Broken Access Control
Software Affiliate Super Assistent Type Plugin Vulnerable versions = 1.5.3 Fixed in 1.5.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-8478 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 5f6f408b4c81 Credits Francesco...