Vulnerabilities and security researches forpostaffiliatepro postaffiliatepro

Jun 07, 2024

CVE, Research URL: CVE-2023-38482
Home page URL: Security reports for Post Affiliate Pro
Application: Post Affiliate Pro
Date: Sep 03, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QualityUnit Post Affiliate Pro plugin <= 1.25.0 versions.
Affected versions: max 1.25.0.
Status: vulnerable

Apr 13, 2026

CVE, Research URL: CVE-2026-2290
Home page URL: Security reports for Post Affiliate Pro
Application: Post Affiliate Pro
Date: Mar 21, 2026
Research Description: The Post Affiliate Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.28.0. This makes it possible for authenticated attackers, with Administrator-level access, to make web requests to initiate arbitrary outbound requests from the application and read the returned response content. Successful exploitation was confirmed by receiving and observing response data from an external Collaborator endpoint.
Affected versions: max 1.28.0.
Status: vulnerable