The Affiliate Super Assistant plugin for WordPress has a security vulnerability. This means that in versions up to 1.5.3, anyone can use the plugin to run shortcodes without permission. This can be done by adding comments with shortcodes when the ‘Parse comments’ option is turned on. This allows hackers to run their own code without needing to be logged in.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
