Security Advisory

CVE-2022-0398

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-04-25 15:50:57

Last updated 2024-08-02 23:25:40

Assigner WPScan

State PUBLISHED

Description

The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website

← Browse all CVEs View on cve.org ↗