CVE-2022-2798

CWE-12363 documents3 sources

Severity

8.0HIGH

EPSS

0.9%

top 24.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Affiliates Manager Wpaffiliatemanager Affiliates Manager

Timeline

PublishedSep 16

Latest updateSep 17

Description

The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5unknown/affiliates_manager2.9.14 — 2.9.14

▶NVDwpaffiliatemanager/affiliates_manager< 2.9.14

🔴Vulnerability Details

GHSA

GHSA-j77h-m5qv-6jf7: The Affiliates Manager WordPress plugin before 2↗2022-09-17

▶

CVEList

Affiliates Manager < 2.9.14 - Affiliate CSV Injection↗2022-09-16

▶