WordPress Plugin Vulnerability Leaves Non-Logged in Users Susceptible to XSS Attacks

CVE-2024-5280

Currently unrated 🤨

Key Information

Vendor: WordPress
Status: WP-affiliate-platform
Vendor: CVE Published:; 13 July 2024

Summary

The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make non-logged in users execute an XSS payload via a CSRF attack

Affected Version(s)

wp-affiliate-platform < 6.5.1

Timeline

Vulnerability published.
Jul 13, 2024
Vulnerability Reserved.
May 23, 2024

Collectors

NVD DatabaseMitre Database

Credit

caon

WPScan