CVE Vulnerability

CVE-2022-0398

The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website

4.9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.8 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

Scope

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://wpscan.com/vulnerability/21aec131-91ff-4300-ac7a-0bf31d6b2b24 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:caseproof:thirstyaffiliates_affiliate_link_manager:*:*:*:*:*:wordpress:*:*
Information

Published : 2022-04-25 04:16

Updated : 2022-05-04 02:34

NVD link : CVE-2022-0398

Mitre link : CVE-2022-0398

Products Affected
No products.
CWE
CWE-862