RSS   Podatności dla 'Clickbank affiliate ads'   RSS

2021-12-02
 
CVE-2015-20105

CWE-352
 

 
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues

 
 
CVE-2015-20106

CWE-79
 

 
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.

 


Copyright 2024, cxsecurity.com

 

Back to Top