CVE-2023-52130 — Cross-Site Request Forgery in Wpaffiliatemgr Affiliates Manager

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

8.8HIGHNVD

CNA4.3

EPSS

0.1%

top 78.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wp.insider Wpaffiliatemgr Affiliates Manager Wpaffiliatemanager Affiliates Manager

Timeline

PublishedJan 5

Description

Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.31.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5wp.insider_wpaffiliatemgr/affiliates_managern/a — 2.9.31

▶NVDwpaffiliatemanager/affiliates_manager2.9.31

🔴Vulnerability Details

GHSA

GHSA-xv7q-66p6-r28c: Cross-Site Request Forgery (CSRF) vulnerability in wp↗2024-01-05

▶

CVEList

WordPress Affiliates Manager Plugin <= 2.9.31 is vulnerable to Cross Site Request Forgery (CSRF)↗2024-01-05

▶