4 matches found
EUVD-2024-16642
Malicious code in bioql PyPI...
CVE-2024-0859
The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.34. This is due to missing or incorrect nonce validation on the processbulkaction function in ListAffiliatesTable.php. This makes it possible for unauthenticated...
PT-2024-35467 · Unknown · Wp-Affiliate-Platform
Name of the Vulnerable Software and Affected Versions: wp-affiliate-platform versions prior to 6.5.2
Description: The issue concerns a lack of CSRF check when deleting affiliates, which could allow attackers to make a logged-in user change or delete them via a CSRF attack.
Recommendations: For...
CVE-2024-0859 Affiliates Manager <= 2.9.34 - Cross-Site Request Forgery
The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.34. This is due to missing or incorrect nonce validation on the processbulkaction function in ListAffiliatesTable.php. This makes it possible for unauthenticated...