Описание
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.20 (включая)
cpe:2.3:a:cbads:clickbank_affiliate_ads:*:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.00246
Низкий
9.6 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
около 4 лет назад
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues
EPSS
Процентиль: 48%
0.00246
Низкий
9.6 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-79