Vulnerabilities > Yithemes > Woocommerce Affiliate > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-28 CVE-2022-0818 Cross-site Scripting vulnerability in Yithemes Woocommerce Affiliate
The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin.
network
yithemes CWE-79
4.3