Servit Affiliate-toolkit

9 matches found

added 2023/11/30 4:15 p.m. | 87 views

CVE-2023-46086

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin allows Reflected XSS. This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.4.3.

CVSS 7.1 | AI score 6.7 | EPSS 0.00193

added 2024/03/08 7:15 a.m. | 74 views

CVE-2024-1851

The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level ac...

CVSS 6.5 | AI score 6.6 | EPSS 0.00049

added 2024/03/08 7:15 a.m. | 72 views

CVE-2024-2298

The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_import_product() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level...

CVSS 4.3 | AI score 4.9 | EPSS 0.00066

added 2023/12/19 8:15 p.m. | 70 views

CVE-2023-45105

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin. This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9.

CVSS 6.1 | AI score 5.4 | EPSS 0.00114

added 2024/01/01 3:15 p.m. | 53 views

CVE-2023-5877

The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to its affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs, including RFC1918 private addresses, leading to a S...

CVSS 9.8 | AI score 9.7 | EPSS 0.00342

added 2025/04/22 10:15 a.m. | 40 views

CVE-2025-46231

Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Solutions affiliate-toolkit allows Cross Site Request Forgery. This issue affects affiliate-toolkit: from n/a through 3.7.3.

CVSS 8.8 | AI score 5.5 | EPSS 0.00024

added 2024/07/10 6:15 p.m. | 37 views

CVE-2024-37205

Insertion of Sensitive Information into Log File vulnerability in SERVIT Software Solutions. This issue affects affiliate-toolkit: from n/a through 3.4.4.

CVSS 5.3 | AI score 5.7 | EPSS 0.00148

added 2024/08/12 1:38 p.m. | 36 views

CVE-2024-6562

The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.5. This is due to display_errors being set to true. This makes it possible for unauthenticated attackers to retrieve the full path of the web applica...

CVSS 5.3 | AI score 5.1 | EPSS 0.00402

added 2023/05/10 8:15 a.m. | 26 views

CVE-2023-23786

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Christof Servit affiliate-toolkit plugin

CVSS 5.9 | AI score 5.2 | EPSS 0.00051