cleantalk
Vulnerabilities and Security Researches

Affiliate Ads for ClickBank, CVE-2015-20105

CVE, Research URL

CVE-2015-20105

Home page URL

Security reports for Affiliate Ads for ClickBank

Application

Affiliate Ads for ClickBank

Published on
Dec 02, 2021
Research Description
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues
Affected versions
Min -, max 1.7.
Status
vulnerable
Previous vulnerability researches
Affiliate Ads for ClickBank (CVE-2015-20106) , Jun 07, 2024
Affiliate Ads for ClickBank (CVE-2015-20105) , Jun 07, 2024
New vulnerability
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (CVE-2025-48125) , May 31, 2025
Minimal Share Buttons (CVE-2025-5259) , May 30, 2025
LA-Studio Element Kit for Elementor (CVE-2025-4943) , May 30, 2025
LA-Studio Element Kit for Elementor (CVE-2025-4944) , May 30, 2025
Essential Real Estate (CVE-2025-48126) , May 30, 2025