CVE-2024-5280

The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make non-logged in users execute an XSS payload via a CSRF attack

CVSS

No CVSS.

References

Link	Resource
https://wpscan.com/vulnerability/bbc214ba-4e97-4b3a-a21b-2931a9e36973/	Exploit Third Party Advisory
https://wpscan.com/vulnerability/bbc214ba-4e97-4b3a-a21b-2931a9e36973/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:tipsandtricks-hq:wp_affiliate_platform:*:*:*:*:*:wordpress:*:*

History

19 May 2025, 14:58

Type	Values Removed	Values Added
CPE		cpe:2.3:a:tipsandtricks-hq:wp_affiliate_platform::::::wordpress::*
CWE		CWE-352
First Time		Tipsandtricks-hq Tipsandtricks-hq wp Affiliate Platform
References	~~() https://wpscan.com/vulnerability/bbc214ba-4e97-4b3a-a21b-2931a9e36973/ -~~	() https://wpscan.com/vulnerability/bbc214ba-4e97-4b3a-a21b-2931a9e36973/ - Exploit, Third Party Advisory

13 Jul 2024, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-13 06:15

Updated : 2025-05-19 14:58

NVD link : CVE-2024-5280

Mitre link : CVE-2024-5280

JSON object : View

Products Affected

tipsandtricks-hq

wp_affiliate_platform

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

JSON object

Attach tags to CVE-2024-5280

Attach tags to `CVE-2024-5280`