
Servit Affiliate-Toolkit vulnerabilities

7 known vulnerabilities affecting servit/affiliate-toolkit.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 5

Vulnerabilities

CVE-2023-5877 | P2 | CRITICAL | CVSS 9.8 | fixed in 3.4.3 | 2024-01-01
[CRITICAL] CWE-862: The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to its affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs, including RFC1918 private addresses, leading to a Server Side Request Forgery (SSRF) issue.
Source: nvd

CVE-2025-46231 | P3 | HIGH | CVSS 8.8 | fixed in 3.7.4 | 2025-04-22
[HIGH] CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Solutions affiliate-toolkit (affiliate-toolkit-starter) allows Cross Site Request Forgery. This issue affects affiliate-toolkit: from n/a through 3.7.3.
Source: nvd

CVE-2024-1851 | P3 | MEDIUM | CVSS 6.5 | fixed in 3.5.5 | 2024-03-08
[MEDIUM] CWE-862: The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions […]
Source: nvd

CVE-2023-45105 | P4 | MEDIUM | CVSS 6.1 | affects ≤ 3.3.9 | 2023-12-19
[MEDIUM] CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin. This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9.
Source: nvd

CVE-2023-46086 | P4 | MEDIUM | CVSS 6.1 | affects ≤ 3.4.3 | 2023-11-30
[MEDIUM] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin allows Reflected XSS. This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.4.3.
Source: nvd

CVE-2023-23786 | P4 | MEDIUM | CVSS 5.4 | affects ≤ 3.3.3 | 2023-05-10
[MEDIUM] CWE-79: Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Christof Servit affiliate-toolkit plugin <= 3.3.3 versions.
Source: nvd

CVE-2024-2298 | P4 | MEDIUM | CVSS 4.3 | fixed in 3.5.5 | 2024-03-08
[MEDIUM] CWE-862: The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_import_product() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions […]
Source: nvd
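Five of the seven entries above are the same handler-level mistake in different clothes: a request handler that does work without checking who asked (CWE-862), without tying the request to a user intent (CWE-352), and that fetches, redirects to, or echoes attacker-controlled input unvalidated (SSRF, CWE-601, CWE-79). The following WordPress plugin snippet is an added illustration written for this page; it is not affiliate-toolkit code and does not reproduce the functions named in the advisories. Every `example_*` action, function and nonce name is hypothetical, and the inputs are those a forged or crafted request would supply. It puts the vulnerable handler shape beside the hardened one using only core WordPress APIs.

```php
<?php
/**
 * Added illustration, not code from affiliate-toolkit or SERVIT.
 * All example_* names are hypothetical. Shows the handler shape behind the
 * CWE-862, CWE-352, SSRF, CWE-601 and CWE-79 entries and the core checks that
 * close each one.
 */

// --- Vulnerable shape -------------------------------------------------------
// A wp_ajax_ handler is reachable by any logged-in user (with wp_ajax_nopriv_,
// by anyone at all). Nothing below decides who may import what.
add_action( 'wp_ajax_example_import_product', 'example_import_product_vulnerable' );
function example_import_product_vulnerable() {
    // CWE-862: no capability check, so a subscriber can run the import.
    // CWE-352: no nonce, so a cross-site form can make an editor run it.
    $url = $_POST['image_url'];
    // SSRF: the server fetches an attacker-chosen URL, RFC1918 hosts included.
    $body = wp_remote_retrieve_body( wp_remote_get( $url ) );
    wp_upload_bits( 'import.jpg', null, $body );
    wp_send_json_success();
}

// --- Hardened shape ---------------------------------------------------------
add_action( 'wp_ajax_example_import_product_safe', 'example_import_product_safe' );
function example_import_product_safe() {
    // 1. Authorization: a capability that matches the impact of the action.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 ); // wp_send_json_error() calls wp_die()
    }

    // 2. CSRF: the client must send a nonce minted for this action, e.g.
    //    wp_create_nonce( 'example_import_product' ) in the _ajax_nonce field.
    //    check_ajax_referer() dies if the nonce is missing, stale or forged.
    check_ajax_referer( 'example_import_product', '_ajax_nonce' );

    // 3. Input: unslash, then sanitize for the context it will be used in.
    $url = isset( $_POST['image_url'] ) ? esc_url_raw( wp_unslash( $_POST['image_url'] ) ) : '';

    // 4. SSRF: wp_safe_remote_get() sets reject_unsafe_urls, so the URL passes
    //    through wp_http_validate_url(): http/https only, no userinfo, and a
    //    host that resolves to loopback or RFC1918 space is refused unless the
    //    http_request_host_is_external filter allows it. redirection => 0 stops
    //    a 30x from bouncing the fetch to another host.
    $response = wp_safe_remote_get( $url, array( 'timeout' => 5, 'redirection' => 0 ) );
    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        wp_send_json_error( 'fetch failed', 400 );
    }
    $ctype = (string) wp_remote_retrieve_header( $response, 'content-type' );
    if ( 0 !== strpos( $ctype, 'image/' ) ) {
        wp_send_json_error( 'not an image', 400 );
    }
    $upload = wp_upload_bits( 'import.jpg', null, wp_remote_retrieve_body( $response ) );
    if ( ! empty( $upload['error'] ) ) {
        wp_send_json_error( $upload['error'], 500 );
    }
    wp_send_json_success( array( 'url' => $upload['url'] ) );
}

// --- Redirect and output encoding (CWE-601, CWE-79) -------------------------
// Vulnerable: redirect target and echoed text come straight from the request.
function example_return_vulnerable() {
    wp_redirect( $_GET['return_to'] );   // open redirect to any host
    exit;
}
function example_search_echo_vulnerable() {
    echo 'Results for ' . $_GET['q'];    // reflected XSS
}

// Hardened: wp_safe_redirect() runs wp_validate_redirect(), which only allows
// this site's host plus the allowed_redirect_hosts filter list and otherwise
// falls back to admin_url(); output is escaped for the HTML text context.
function example_return_safe() {
    $target = isset( $_GET['return_to'] ) ? esc_url_raw( wp_unslash( $_GET['return_to'] ) ) : '';
    wp_safe_redirect( $target );
    exit;
}
function example_search_echo_safe() {
    $q = isset( $_GET['q'] ) ? sanitize_text_field( wp_unslash( $_GET['q'] ) ) : '';
    echo 'Results for ' . esc_html( $q );
}
```

Two points of design worth noting. The capability check comes first and is independent of the nonce: a nonce proves the request came from a page this user loaded, not that the user is allowed to do the thing, so `check_ajax_referer()` on its own would still leave the CWE-862 hole. And the SSRF fix relies on `wp_http_validate_url()` resolving the hostname itself, so a plugin that builds its own `curl` call or exposes a standalone PHP file reached outside the WordPress bootstrap (the pattern the CVE-2023-5877 description points at) gets none of these checks for free.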