Vulnerabilities and security researches foraffiliate-toolkit-starter affiliate-toolkit-starter

Direction: ascending

Jun 07, 2024

affiliate-toolkit – WordPress Affiliate Plugin # CVE-2023-46086

CVE, Research URL: CVE-2023-46086
Home page URL: Security reports for affiliate-toolkit – WordPress Affiliate Plugin
Application: affiliate-toolkit – WordPress Affiliate Plugin
Date: Nov 30, 2023
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin allows Reflected XSS.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.4.3.
Affected versions: Min -, max -.
Status: vulnerable

affiliate-toolkit – WordPress Affiliate Plugin # CVE-2024-1851

CVE, Research URL: CVE-2024-1851
Home page URL: Security reports for affiliate-toolkit – WordPress Affiliate Plugin
Application: affiliate-toolkit – WordPress Affiliate Plugin
Date: Mar 08, 2024
Research Description: The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to to perform unauthorized actions such as creating product lists.
Affected versions: Min -, max -.
Status: vulnerable

affiliate-toolkit – WordPress Affiliate Plugin # CVE-2023-23786

CVE, Research URL: CVE-2023-23786
Home page URL: Security reports for affiliate-toolkit – WordPress Affiliate Plugin
Application: affiliate-toolkit – WordPress Affiliate Plugin
Date: May 10, 2023
Research Description: Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Christof Servit affiliate-toolkit plugin <= 3.3.3 versions.
Affected versions: Min -, max -.
Status: vulnerable

affiliate-toolkit – WordPress Affiliate Plugin # CVE-2023-45105

CVE, Research URL: CVE-2023-45105
Home page URL: Security reports for affiliate-toolkit – WordPress Affiliate Plugin
Application: affiliate-toolkit – WordPress Affiliate Plugin
Date: Dec 20, 2023
Research Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9.
Affected versions: Min -, max -.
Status: vulnerable

affiliate-toolkit – WordPress Affiliate Plugin # CVE-2023-5877

CVE, Research URL: CVE-2023-5877
Home page URL: Security reports for affiliate-toolkit – WordPress Affiliate Plugin
Application: affiliate-toolkit – WordPress Affiliate Plugin
Date: Jan 01, 2024
Research Description: The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private addresses, leading to a Server Side Request Forgery (SSRF) issue.
Affected versions: Min -, max -.
Status: vulnerable

affiliate-toolkit – WordPress Affiliate Plugin # CVE-2024-2298

CVE, Research URL: CVE-2024-2298
Home page URL: Security reports for affiliate-toolkit – WordPress Affiliate Plugin
Application: affiliate-toolkit – WordPress Affiliate Plugin
Date: Mar 08, 2024
Research Description: The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_import_product() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to to perform unauthorized actions such as creating importing products.
Affected versions: Min -, max -.
Status: vulnerable

affiliate-toolkit – WordPress Affiliate Plugin # CVE-2024-29817

CVE, Research URL: CVE-2024-29817
Home page URL: Security reports for affiliate-toolkit – WordPress Affiliate Plugin
Application: affiliate-toolkit – WordPress Affiliate Plugin
Date: Mar 27, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit allows Stored XSS.This issue affects affiliate-toolkit: from n/a through 3.4.5.
Affected versions: Min -, max -.
Status: vulnerable

Jun 24, 2024

affiliate-toolkit – WordPress Affiliate Plugin # CVE-2024-37205

CVE, Research URL: CVE-2024-37205
Home page URL: Security reports for affiliate-toolkit – WordPress Affiliate Plugin
Application: affiliate-toolkit – WordPress Affiliate Plugin
Date: Jul 10, 2024
Research Description: Insertion of Sensitive Information into Log File vulnerability in SERVIT Software Solutions.This issue affects affiliate-toolkit: from n/a through 3.4.4.
Affected versions: Min -, max -.
Status: vulnerable

Aug 10, 2024

affiliate-toolkit – WordPress Affiliate Plugin # CVE-2024-6562

CVE, Research URL: CVE-2024-6562
Home page URL: Security reports for affiliate-toolkit – WordPress Affiliate Plugin
Application: affiliate-toolkit – WordPress Affiliate Plugin
Date: Aug 12, 2024
Research Description: The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.5. This is due display_errors being set to true . This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
Affected versions: Min -, max -.
Status: vulnerable

Oct 30, 2024

affiliate-toolkit – WordPress Affiliate Plugin # CVE-2024-10227

CVE, Research URL: CVE-2024-10227
Home page URL: Security reports for affiliate-toolkit – WordPress Affiliate Plugin
Application: affiliate-toolkit – WordPress Affiliate Plugin
Date: Oct 29, 2024
Research Description: The affiliate-toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atkp_product shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Nov 22, 2024

affiliate-toolkit – WordPress Affiliate Plugin # CVE-2024-10675

CVE, Research URL: CVE-2024-10675
Home page URL: Security reports for affiliate-toolkit – WordPress Affiliate Plugin
Application: affiliate-toolkit – WordPress Affiliate Plugin
Date: Nov 21, 2024
Research Description: The affiliate-toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via a URL in all versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Apr 23, 2025

affiliate-toolkit – WordPress Affiliate Plugin # CVE-2025-46231

CVE, Research URL: CVE-2025-46231
Home page URL: Security reports for affiliate-toolkit – WordPress Affiliate Plugin
Application: affiliate-toolkit – WordPress Affiliate Plugin
Date: Apr 22, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Solutions affiliate-toolkit allows Cross Site Request Forgery. This issue affects affiliate-toolkit: from n/a through 3.7.3.
Affected versions: Min -, max -.
Status: vulnerable