CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-20105

The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.8%

CVSS Severity

CVSS v3 Score 9.6

CVSS v2 Score 6.8

References

https://packetstormsecurity.com/files/131814/
https://seclists.org/bugtraq/2015/May/45
https://wpscan.com/vulnerability/2bc3af7e-5542-40c4-8141-7c49e8df68f0
https://packetstormsecurity.com/files/131814/
https://seclists.org/bugtraq/2015/May/45
https://wpscan.com/vulnerability/2bc3af7e-5542-40c4-8141-7c49e8df68f0

Products affected by CVE-2015-20105

Cbads » Clickbank Affiliate Ads » Version: Any

cpe:2.3:a:cbads:clickbank_affiliate_ads:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-20105

Products

Pricing

Contact Us