exploitDog

CVE-2022-2798

Опубликовано: 16 сент. 2022

Источник: nvd

CVSS3: 8

EPSS Низкий

Описание

The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data

Ссылки

https://wpscan.com/vulnerability/f169567d-c682-4abe-94df-a9d00be90edd
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/f169567d-c682-4abe-94df-a9d00be90edd
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpaffiliatemanager:affiliates_manager:*:*:*:*:*:wordpress:*:*

Версия до 2.9.14 (исключая)

EPSS

Процентиль: 75%

0.00869

Низкий

8 High

CVSS3

Дефекты

CWE-1236

Связанные уязвимости

GHSA-j77h-m5qv-6jf7

CVSS3: 8

github

больше 3 лет назад

The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data

EPSS

Процентиль: 75%

0.00869

Низкий

8 High

CVSS3

Дефекты

CWE-1236