CVE-2024-5285

The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF attack

CVSS

No CVSS.

References

Link	Resource
https://wpscan.com/vulnerability/792f3904-88bd-47d1-9049-afccdd74853a/

Configurations

No configuration.

History

29 Jul 2024, 14:12

Type	Values Removed	Values Added
Summary		(es) El complemento de WordPress wp-affiliate-platform anterior a 6.5.2 no tiene activada la verificación CSRF al eliminar afiliados, lo que podría permitir a los atacantes realizar un cambio de usuario registrado y eliminarlos mediante un ataque CSRF.

29 Jul 2024, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-29 06:15

Updated : 2024-07-29 14:12

NVD link : CVE-2024-5285

Mitre link : CVE-2024-5285

CVE.ORG link : CVE-2024-5285

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2024-5285

Attach tags to `CVE-2024-5285`