CVE-2026-25024 WordPress ThirstyAffiliates plugin <= 3.11.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliates allows Cross Site Request Forgery.This issue affects ThirstyAffiliates: from n/a through = 3.11.9...

CVE-2026-25024

CVE-2026-25024 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin ThirstyAffiliates (thirstyaffiliates) by Blair Williams, affecting versions up to and including 3.11.9. The Red Hat, NVD, CVE List, and related sources consistently state the issue is CSRF and affec...

EUVD-2026-5308

Cross-Site Request Forgery CSRF vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliates allows Cross Site Request Forgery.This issue affects ThirstyAffiliates: from n/a through = 3.11.9...

WordPress plugin ThirstyAffiliates 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2022-0634

The ThirstyAffiliates WordPress plugin before 3.10.5 lacks authorization checks in the tainsertexternalimage action, allowing a low-privilege user with a role as low as Subscriber to add an image from an external URL to an affiliate link. Further the plugin lacks csrf checks, allowing an attacker...

CVE-2025-67537

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliates allows Stored XSS.This issue affects ThirstyAffiliates: from n/a through = 3.11.8...

EUVD-2025-202107

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliates allows Stored XSS.This issue affects ThirstyAffiliates: from n/a through = 3.11.8...

CVE-2025-67537

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliates allows Stored XSS.This issue affects ThirstyAffiliates: from n/a through = 3.11.8...

CVE-2025-67537 WordPress ThirstyAffiliates plugin <= 3.11.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliates allows Stored XSS.This issue affects ThirstyAffiliates: from n/a through = 3.11.8...

CVE-2025-67537 WordPress ThirstyAffiliates plugin <= 3.11.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliates allows Stored XSS.This issue affects ThirstyAffiliates: from n/a through = 3.11.8...

EUVD-2021-11041

Malware in sbrugna...

EUVD-2022-15544

Malicious code in bioql PyPI...

EUVD-2022-15731

Malicious code in bioql PyPI...

CVE-2021-24127

Unvalidated input and lack of output encoding in the ThirstyAffiliates Affiliate Link Manager WordPress plugin, versions before 3.9.3, was vulnerable to authenticated Stored Cross-Site Scripting XSS, which could lead to privilege escalation...

CVE-2022-0398

The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an...