Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Christof Servit affiliate-toolkit plugin <= 3.3.3 versions.
5.9 CVSS
5.2 AI Score
0.0005 EPSS
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin. This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9.
6.1 CVSS
6.2 AI Score
0.0005 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin allows Reflected XSS. This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.4.3.
7.1 CVSS
6.5 AI Score
0.0005 EPSS
The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to its affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs, including RFC1918 private addresses, leading to a S...
9.8 CVSS
9.7 AI Score
0.001 EPSS
Insertion of Sensitive Information into Log File vulnerability in SERVIT Software Solutions. This issue affects affiliate-toolkit: from n/a through 3.4.4.
5.3 CVSS
5.4 AI Score
0.0004 EPSS
The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.5. This is due to display_errors being set to true. This makes it possible for unauthenticated attackers to retrieve the full path of the web applica...
5.3 CVSS
5.1 AI Score
0.0005 EPSS