The ThirstyAffiliates Affiliate Link Manager WordPress plugin was vulnerable to authenticated stored Cross-Site Scripting (XSS). An authenticated attacker, such as an author, could attach an image with malicious JavaScript as its title, which would be executed once viewed by an administrator user.
https://drive.google.com/file/d/1tFhSPnnzRSVLx-T0TwtHGbUTK63ib6xq/view
CPE | Name | Operator | Version |
---|---|---|---|
thirstyaffiliates | lt | 3.9.3 |