WordPress Plugin Vulnerabilities

WP Affiliate Manager < 1.1 - Reflected Cross-Site Scripting

Description

The plugin does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.

Proof of Concept

Affects Plugins

Plugin icon
wp-affiliate-platform
Fixed in 1.1

References

URL
https://packetstormsecurity.com/files/#126424/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher
Felipe Andrian Peixoto
Verified
Yes
WPVDB ID
4f94aefe-fd3e-40be-be60-9c2fb33e8dd3

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2022-10-20 (about 3 years ago)

Other

Published
Title
Published
2026-04-07
Title
The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce < 6.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar
Published
2024-09-24
Title
Charity Addon for Elementor < 1.3.2 - Contributor+ Stored XSS
Published
2023-05-15
Title
WooCommerce Pre-Orders < 2.0.0 - Reflected XSS
Published
2015-10-05
Title
ResAds <= 1.0.1 - Reflected Cross-Site Scripting (XSS)
Published
2026-03-30
Title
Query Monitor < 3.20.4 - Reflected Cross-Site Scripting via Request URI