WordPress Plugin Vulnerabilities

Auto Affiliate Links < 6.3.0.3 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
wp-auto-affiliate-links
Fixed in 6.3.0.3

References

CVE
CVE-2023-25973

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Rio Darmawan
Verified
No
WPVDB ID
6231ea46-2ce9-436d-bd27-32964d1729c1

Timeline

Publicly Published
2023-02-22 (about 3 years ago)
Added
2023-03-13 (about 3 years ago)
Last Updated
2023-03-13 (about 3 years ago)

Other

Published
Title
Published
2022-05-18
Title
Webriti SMTP Mail <= 1.0 - Arbitrary Settings Update via CSRF
Published
2014-08-01
Title
IndiaNIC FAQs Manager 1.0 - FAQ Setting Manipulation CSRF
Published
2024-12-17
Title
Affiliate Program Suite — SliceWP Affiliates < 1.1.24 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
Published
2025-06-27
Title
WP YouTube Live < 1.10.1 - Cross-Site Request Forgery
Published
2025-03-24
Title
Generate Post Thumbnails <= 0.8 - Cross-Site Request Forgery