CVE-2021-25078
N/A
N/A
Summary
The Affiliates Manager WordPress plugin before 2.9.0 does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Affiliates Manager | 2.9.0 < 2.9.0 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/d4edb5f2-aa1b-4e2d-abb4-76c46def6c6e
- https://plugins.trac.wordpress.org/changeset/2648196
References
- https://wpscan.com/vulnerability/d4edb5f2-aa1b-4e2d-abb4-76c46def6c6e
- https://plugins.trac.wordpress.org/changeset/2648196
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.