|ID||CVSS||Summary||Last (major) update||Published|
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, i
|04-12-2021 - 02:37||02-12-2021 - 18:15|
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
|04-12-2021 - 02:33||02-12-2021 - 18:15|