cleantalk
Vulnerabilities and Security Researches

Affiliate Super Assistent, CVE-2024-8478

CVE, Research URL

CVE-2024-8478

Home page URL

Security reports for Affiliate Super Assistent

Application

Affiliate Super Assistent

Published on
Sep 10, 2024
Research Description
The The Affiliate Super Assistent plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.5.3. This is due to the software allowing users to supply arbitrary shortcodes in comments when the 'Parse comments' option is enabled. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Affected versions
max 1.5.4.
Status
vulnerable
Previous vulnerability researches
Affiliate Super Assistent (CVE-2026-42759) , May 30, 2026
Affiliate Super Assistent (CVE-2024-8478) , Sep 11, 2024
Affiliate Super Assistent (CVE-2023-27417) , Jun 06, 2024
New vulnerability
Error Log Monitor (CVE-2023-33999) , Jun 13, 2026
Stackable – Page Builder Gutenberg Blocks (CVE-2023-33999) , Jun 13, 2026
WordPress Translation plugin for Post, Pages & WooCommerce products. Tranzly IO AI DeepL automatic WordPress Translator. (CVE-2023-33999) , Jun 13, 2026
Divi Forms Styler – Gravity Forms, Fluent Forms & Contact Form 7 (CVE-2023-33999) , Jun 13, 2026
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg (CVE-2023-33999) , Jun 13, 2026