Vulnerabilities > Wpaffiliatemanager > Affiliates Manager > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-05 | CVE-2023-52130 | Unspecified vulnerability in Wpaffiliatemanager Affiliates Manager Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.31. | 8.8 |
| 2023-07-10 | CVE-2023-28986 | Unspecified vulnerability in Wpaffiliatemanager Affiliates Manager Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin <= 2.9.20 versions. | 8.8 |
| 2022-09-16 | CVE-2022-2798 | Unspecified vulnerability in Wpaffiliatemanager Affiliates Manager The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data | 8.0 |
| 2021-11-08 | CVE-2021-24844 | SQL Injection vulnerability in Wpaffiliatemanager Affiliates Manager The Affiliates Manager WordPress plugin before 2.8.7 does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL Injection issue | 7.2 |
| 2019-09-03 | CVE-2019-15868 | Cross-Site Request Forgery (CSRF) vulnerability in Wpaffiliatemanager Affiliates Manager The affiliates-manager plugin before 2.6.6 for WordPress has CSRF. | 8.8 |