CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-3897

The WP Affiliate Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.3%

CVSS Severity

CVSS v3 Score 5.5

References

https://www.tipsandtricks-hq.com/wordpress-affiliate-platform-plugin-simple-affiliate-program-for-wordpress-blogsite-1474
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3897
https://www.tipsandtricks-hq.com/wordpress-affiliate-platform-plugin-simple-affiliate-program-for-wordpress-blogsite-1474
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3897

Products affected by CVE-2022-3897

Wp Affiliate Platform Project » Wp Affiliate Platform » Version: 6.3.9

cpe:2.3:a:wp_affiliate_platform_project:wp_affiliate_platform:6.3.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-3897

Products

Pricing

Contact Us