Description
The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as an affiliate to perform CSV injection attacks against an admin exporting the data.
Scores
CVSS v3
8.0
EPSS
0.0092
EPSS Percentile
76.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-1236
Status
published
Products (1)
wpaffiliatemanager/affiliates_manager
< 2.9.14
Published
Sep 16, 2022
Tracked Since
Feb 18, 2026