The wp-affiliate-platform WordPress plugin before 6.5.2...
Moderate severity
Unreviewed
Published
Jul 29, 2024
to the GitHub Advisory Database
•
Updated Aug 1, 2024
Description
Published by the National Vulnerability Database
Jul 29, 2024
Published to the GitHub Advisory Database
Jul 29, 2024
Last updated
Aug 1, 2024
The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF attack
References