Lucene search
WpvulndbWPVDB-ID:D26A5F83-4786-47E5-8B9C-DA2B5AA6B0EDHistoryNov 15, 2023 - 12:00 a.m.
Auto Affiliate Links < 6.4.2.5 - Settings Update to Stored XSS via CSRF
2023-11-1500:00:00
wpscan.com
11
auto affiliate links
csrf
settings update
stored xss
sanitisation
escaping
software vulnerability
Description The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
Related
prion
prion
Cross site request forgery (csrf)
2023-11-13 04:15:00
vulnrichment
vulnrichment
cve
cve
CVE-2023-47652
2023-11-13 04:15:08
cvelist
cvelist
nvd
nvd
CVE-2023-47652
2023-11-13 04:15:08
wordfence
wordfence
AI Score
6
Confidence
High
EPSS
0.001
Percentile
17.0%
Related for WPVDB-ID:D26A5F83-4786-47E5-8B9C-DA2B5AA6B0ED