Latest

Configuring Really Simple Security with WP-CLI

Access violation vulnerability in affiliate-toolkit – WordPress Affiliate Plugin 3.5.4

CVE-2024-2298

Severity: medium-risk
Status: Open
Publication: March 7, 2024

The WordPress Affiliate Plugin called “affiliate-toolkit” has a security issue. This is because the function called “atkp_import_product()” does not check if the user has the right capabilities. This means that someone who is logged in and has at least “subscriber” access can do things they are not supposed to, like importing products.

Detected in:

affiliate-toolkit fixed vulnerable versions:

affiliate-toolkit – Multi-Network Affiliate & Amazon Product Display fixed vulnerable versions:

affiliate-toolkit – WP Affiliate Plugin with Amazon fixed vulnerable versions:

affiliate-toolkit – WordPress Affiliate Plugin open vulnerable versions: >= * <= 3.5.4

Open source

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

Incorrect?

Is this information incorrect? Please leave us a message.

Latest

Configuring Really Simple Security with WP-CLI

Access violation vulnerability in affiliate-toolkit – WordPress Affiliate Plugin 3.5.4

Detected in:

Join our mailing list - 6 Tips & Tricks in your inbox over the next days!

Plugins

Get Started

About

Popular articles

Latest

Passkeys: no need for Limit Login Attempts?

Configuring Really Simple Security with WP-CLI

Access violation vulnerability in affiliate-toolkit – WordPress Affiliate Plugin 3.5.4

Detected in: