4 matches found
CVE-2024-1851
CVE-2024-1851 affects the WordPress plugin “affiliate-toolkit – WordPress Affiliate Plugin.” The vulnerability is a broken access control due to a missing capability check in the function atkp_create_list(), present in all versions up to and including 3.5.4. This allows authenticated attackers wi...
CVE-2024-2298
CVE-2024-2298 affects the WordPress plugin “affiliate-toolkit – WordPress Affiliate Plugin”. The root cause is a missing capability check in the atkp_import_product() function, leading to broken access control. This allows authenticated users with subscriber-level access and above to perform unau...
CVE-2023-5877
The CVE pertains to the WordPress plugin affiliate-toolkit (versions prior to 3.4.3). Affected component is the affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, where lack of authorization/authentication allows unauthenticated visitors to trigger requests to arbitrary URLs, includ...
CVE-2025-46231
CVE-2025-46231 is a CSRF vulnerability in the WordPress plugin affiliate-toolkit (SERVIT Software Solutions) affecting versions up to 3.7.3. The vulnerability is acknowledged as patched in vendor/security feeds; remediation is to update to a version that includes the fix (the Patchstack entry not...