Description
The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as a subscriber, to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 3.10.5 (exclusive)
cpe:2.3:a:caseproof:thirstyaffiliates_affiliate_link_manager:*:*:*:*:*:wordpress:*:*
EPSS
Percentile: 21%
0.00066
Low
5.4 Medium
CVSS3
4.9 Medium
CVSS2
Weaknesses
CWE-352
Related vulnerabilities
CVSS3: 5.4
github
almost 4 years ago
The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as a subscriber, to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website.