Cbads: >> Clickbank Affiliate Ads Security Vulnerabilities
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues
CVSS Score
9.6
EPSS Score
0.002
Published
2021-12-02
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-12-02