Cross-Site Scripting Vulnerability in WordPress' wp-affiliate-platform Plugin
CVE-2024-5282
Currently unrated 🤨
Summary
The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected Version(s)
wp-affiliate-platform < 6.5.1
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
Bob Matyas
WPScan