The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER["REQUEST_URI"] in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is unlikely to work in modern browsers.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:20
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.tipsandtricks-hq.com/wordpress-affiliate-platform-plugin-simple-affiliate-program-for-wordpress-blogsite-1474 - Product | |
References | () https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3896 - Third Party Advisory |
01 Dec 2022, 19:28
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CPE | cpe:2.3:a:wp_affiliate_platform_project:wp_affiliate_platform:*:*:*:*:*:wordpress:*:* | |
CWE | CWE-79 | |
References | (MISC) https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3896 - Third Party Advisory | |
References | (MISC) https://www.tipsandtricks-hq.com/wordpress-affiliate-platform-plugin-simple-affiliate-program-for-wordpress-blogsite-1474 - Product |
29 Nov 2022, 21:22
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-29 21:15
Updated : 2024-11-21 07:20
NVD link : CVE-2022-3896
Mitre link : CVE-2022-3896
CVE.ORG link : CVE-2022-3896
JSON object : View
Products Affected
wp_affiliate_platform_project
- wp_affiliate_platform
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')