WordPress Plugin Vulnerabilities

Affiliates Manager < 2.6.6 - CRSF Issues

Description

Multiple actions were lacking CSRF checks, and could allow attackers to change the plugin's settings via CSRF attacks

Affects Plugins

Plugin icon
affiliates-manager
Fixed in 2.6.6

References

CVE
CVE-2019-15868
URL
https://plugins.trac.wordpress.org/changeset?reponame=&new=2095271%40affiliates-manager&old=2095270%40affiliates-manager

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
6.3 (medium)

Miscellaneous

Verified
No
WPVDB ID
d33f4f7c-300e-491d-bee0-5ee87ab00ea6

Timeline

Publicly Published
2019-05-26 (about 6 years ago)
Added
2019-06-12 (about 6 years ago)
Last Updated
2020-09-11 (about 5 years ago)

Other

Published
Title
Published
2025-05-07
Title
EasyMe Connect <= 3.0.3 - Cross-Site Request Forgery
Published
2014-08-01
Title
GuiForm 1.4.10 - class/class-ajax.php Entry Saving CSRF
Published
2025-02-03
Title
Vignette Ads <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-10-18
Title
Open Graph Metabox <= 1.4.4 - CSRF
Published
2020-06-16
Title
Delete All Comments Easily <= 1.3 - All Comments Deletion via CSRF