CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-0818

The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.015

EPSS Ranking 80.6%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://wpscan.com/vulnerability/c43fabb4-b388-462c-adc4-c6b25af7043b
https://wpscan.com/vulnerability/c43fabb4-b388-462c-adc4-c6b25af7043b

Products affected by CVE-2022-0818

Yithemes » Woocommerce Affiliate » Version: Any

cpe:2.3:a:yithemes:woocommerce_affiliate:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-0818

Products

Pricing

Contact Us