Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management, f426ca5630acbdf6b437c2bb8a97e339b1eaf797

CVE, Research URL: f426ca5630acbdf6b437c2bb8a97e339b1eaf797
Home page URL: Security reports for Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management
Application: Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management
Published on: -
Research Description: Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management [simple-urls] <= 117 (unfixed) Simple URLs <= 117 - Cross-Site Request Forgery via AJAX actions The Simple URLs plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on its AJAX handler functions in versions up to, and including, 117. This makes it possible for unauthenticated attackers to invoke those functions and change plugin behavior and settings provided they can trick an administrator into performing an action such as clicking on a link.
Affected versions: max 117.
Status: vulnerable

Simple URLs &#8211; Link Cloaking, Product Displays, and Affiliate Link Management, f426ca5630acbdf6b437c2bb8a97e339b1eaf797