Cbads: Security Vulnerabilities
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues
CVSS Score
9.6
EPSS Score
0.002
Published
2021-12-02
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-12-02