Wpaffiliatemanager Affiliates Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Wpaffiliatemanager Affiliates Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2022-2798 — CVSS 8.0 (high): The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users…
CVE-2021-24844 — CVSS 7.2 (high): The Affiliates Manager WordPress plugin before 2.8.7 does not validate the orderby parameter before using it in an SQL statement in the…
CVE-2021-25078 — CVSS 6.1 (medium): The Affiliates Manager WordPress plugin before 2.9.0 does not validate, sanitise and escape the IP address of requests logged by the click…
CVE-2023-52148 — CVSS 5.3 (medium): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue…
CVE-2022-2799 — CVSS 4.8 (medium): The Affiliates Manager WordPress plugin before 2.9.14 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2024-0859 — CVSS 4.3 (medium): The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.34. This…