Filtered by vendor Servit
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5877 | 1 Servit | 1 Affiliate-toolkit | 2024-11-21 | 9.8 Critical |
| The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private addresses, leading to a Server Side Request Forgery (SSRF) issue. | ||||
| CVE-2023-46086 | 1 Servit | 1 Affiliate-toolkit | 2024-11-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin allows Reflected XSS.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.4.3. | ||||
| CVE-2023-45105 | 1 Servit | 1 Affiliate-toolkit | 2024-11-21 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9. | ||||
| CVE-2023-23786 | 1 Servit | 1 Affiliate-toolkit | 2024-11-21 | 5.9 Medium |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Christof Servit affiliate-toolkit plugin <= 3.3.3 versions. | ||||
| CVE-2024-6562 | 1 Servit | 1 Affiliate-toolkit | 2024-08-12 | 5.3 Medium |
| The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.5. This is due display_errors being set to true . This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | ||||
Page 1 of 1.