CVE-2024-5280
13.07.2024, 06:15
The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make non-logged in users execute an XSS payload via a CSRF attack
| Vendor | Product | Version |
|---|---|---|
| tipsandtricks-hq | wp_affiliate_platform | 𝑥 < 6.5.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration