Lucene search
K

4 matches found

CVE
CVE
added 2024/03/08 6:58 a.m.89 views

CVE-2024-1851

CVE-2024-1851 affects the WordPress plugin “affiliate-toolkit – WordPress Affiliate Plugin.” The vulnerability is a broken access control due to a missing capability check in the function atkp_create_list(), present in all versions up to and including 3.5.4. This allows authenticated attackers wi...

6.5CVSS6.6AI score0.00291EPSS
CVE
CVE
added 2024/03/08 6:58 a.m.88 views

CVE-2024-2298

CVE-2024-2298 affects the WordPress plugin “affiliate-toolkit – WordPress Affiliate Plugin”. The root cause is a missing capability check in the atkp_import_product() function, leading to broken access control. This allows authenticated users with subscriber-level access and above to perform unau...

4.3CVSS4.9AI score0.00324EPSS
CVE
CVE
added 2024/01/01 2:18 p.m.65 views

CVE-2023-5877

The CVE pertains to the WordPress plugin affiliate-toolkit (versions prior to 3.4.3). Affected component is the affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, where lack of authorization/authentication allows unauthenticated visitors to trigger requests to arbitrary URLs, includ...

9.8CVSS9.7AI score0.00898EPSS
Web
CVE
CVE
added 2025/04/22 9:53 a.m.54 views

CVE-2025-46231

CVE-2025-46231 is a CSRF vulnerability in the WordPress plugin affiliate-toolkit (SERVIT Software Solutions) affecting versions up to 3.7.3. The vulnerability is acknowledged as patched in vendor/security feeds; remediation is to update to a version that includes the fix (the Patchstack entry not...

8.8CVSS7.2AI score0.00153EPSS