The Affiliates Manager WordPress plugin before 2.9.0 does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests.
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/changeset/2648196 | Patch Third Party Advisory |
https://wpscan.com/vulnerability/d4edb5f2-aa1b-4e2d-abb4-76c46def6c6e | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-01-24T08:01:25
Updated: 2022-01-24T08:01:25
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-25078
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-01-24T08:15:09.837
Modified: 2022-01-28T16:26:28.670
Link: CVE-2021-25078
JSON object: View
Redhat Information
No data.
CWE