CVE-2022-2798

high

Description

The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data

References

https://wpscan.com/vulnerability/f169567d-c682-4abe-94df-a9d00be90edd

Details

Source: Mitre, NVD

Published: 2022-09-16

Updated: 2022-09-20

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H