WP Affiliate Platform < 6.4.0 – Reflected Cross-Site Scripting | CVE 2022-3896

Affects Plugins

wp-affiliate-platform

Fixed in 6.4.0

References

CVE

CVE-2022-3896

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

4.7 (medium)

Miscellaneous

Original Researcher

Marco Wotschka

Verified

No

WPVDB ID

68573453-a09d-406b-8f0b-f5df2a247681

Timeline

Publicly Published

2022-11-14 (about 1 years ago)

Added

2022-11-14 (about 1 years ago)

Last Updated

2022-11-14 (about 1 years ago)

Other

Published

Title

Published

2023-07-18

Title

Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting

Published

2017-12-10

Title

SagePay Server Gateway for WooCommerce <= 1.0.8 - Unauthenticated Cross-Site Scripting (XSS)

Published

2023-09-27

Title

RSVPMarker < 10.6.7 - Admin+ Stored XSS

Published

2024-05-06

Title

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) < 1.1.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Effect Widget

Published

2023-10-18

Title

Get Custom Field Values < 4.1 - Admin+ Stored XSS