CVE-2022-0818
N/A
N/A
Summary
The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | WooCommerce Affiliate Plugin – Coupon Affiliates | 4.16.4.5 < 4.16.4.5 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.