Affiliate-toolkit@* Security Vulnerabilities and Issues — Affiliate-toolkit@* CVE List

Lucene search

ServitAffiliate-toolkit*

3 matches found

CVE•added 2024/03/08 7:15 a.m.•75 views

CVE-2024-1851

The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level ac...

6.5CVSS6.6AI score0.00049EPSS

CVE•added 2024/03/08 7:15 a.m.•73 views

CVE-2024-2298

The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_import_product() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS4.9AI score0.00066EPSS

CVE•added 2024/01/01 3:15 p.m.•54 views

CVE-2023-5877

The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private addresses, leading to a S...

9.8CVSS9.7AI score0.00342EPSS

Web