CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-3896

The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER["REQUEST_URI"] in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is unlikely to work in modern browsers.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 71.3%

CVSS Severity

CVSS v3 Score 6.1

References

https://www.tipsandtricks-hq.com/wordpress-affiliate-platform-plugin-simple-affiliate-program-for-wordpress-blogsite-1474
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3896
https://www.tipsandtricks-hq.com/wordpress-affiliate-platform-plugin-simple-affiliate-program-for-wordpress-blogsite-1474
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3896

Products affected by CVE-2022-3896

Wp Affiliate Platform Project » Wp Affiliate Platform » Version: 6.3.9

cpe:2.3:a:wp_affiliate_platform_project:wp_affiliate_platform:6.3.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-3896

Products

Pricing

Contact Us