
Cbads

cbads

2 CVEs • 1 product

Products (1)


CVEs (2)

Vendors (1): Cbads
Products (1): Clickbank Affiliate Ads
Updated: Nov 21, 2024
Published: Dec 2, 2021
CVSS: N/A · v4; 4.8 MEDIUM · v3; 3.5 LOW · v2
Description: The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high-privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

Vendors (1): Cbads
Products (1): Clickbank Affiliate Ads
Updated: Nov 21, 2024
Published: Dec 2, 2021
CVSS: N/A · v4; 9.6 CRITICAL · v3; 6.8 MEDIUM · v2
Description: The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have a CSRF check when saving its settings, allowing an attacker to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are output, it could also lead to Stored Cross-Site Scripting issues.