Overview
- Description
- The affiliate-toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atkp_product shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 6.4
- Impact score
- 2.7
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- security@wordfence.com
- CWE-79
Social media
- Hype score
- Not currently trending
🚨 CVE-2024-10227 (Published: 2024-10-29) - A high-severity vulnerability affects Wordfence. Ensure your WordPress site is updated to the latest version to mitigate risks. For detailed remediation steps, check out the full report: https://t.co/GVYbOS4cd4 #WordPress #Security
@transilienceai
1 Nov 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10227 (Published: 2024-10-29) - A high-severity vulnerability affects Wordfence. Ensure your installations are updated to the latest version to mitigate risks. For detailed remediation steps, visit: https://t.co/GVYbOS4cd4 #CyberSecurity #Wordfence
@transilienceai
1 Nov 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10227 (Published: 2024-10-29) - High severity vulnerability in SERVIT Software Solutions. Affects Affiliate Toolkit Starter plugin. Users are urged to update to the latest version to mitigate risks. For more details, visit: https://t.co/GnaWvCMEb9 #CyberSecurity… http
@transilienceai
1 Nov 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10227 (Published: 2024-10-29) - High severity vulnerability in SERVIT Software Solutions. Affects Affiliate Toolkit Starter plugin. Users are urged to update to the latest version immediately to mitigate risks. More info: https://t.co/GnaWvCMEb9 #CyberSecurity… https:
@transilienceai
1 Nov 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10227 (Published: 2024-10-29) - A critical vulnerability in WordPress affects multiple versions. Ensure your site is secure by updating to the latest version immediately. For detailed remediation steps, visit: https://t.co/YlKKNnMaJK #WordPress #CVE #CyberSecurity… ht
@transilienceai
1 Nov 2024
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10227 (Published: 2024-10-29) - A critical vulnerability in WordPress affects multiple versions. 🚨 Users are urged to update to the latest version immediately to mitigate risks. For detailed remediation steps, visit: https://t.co/YlKKNnMaJK #WordPress #CVE… https://t
@transilienceai
1 Nov 2024
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10227 (Published: 2024-10-29) - A high-severity vulnerability in SERVIT Software Solutions affects specific versions. Users are urged to update to the latest version immediately to mitigate risks. For more details, check the changeset: https://t.co/hp7SIiBYc4… https:/
@transilienceai
1 Nov 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔒 CVE-2024-10227 (Published: 2024-10-29) - A high-severity vulnerability in SERVIT Software Solutions affects specific versions. Users are urged to update to the latest release to mitigate risks. For details, check the changeset: https://t.co/hp7SIiBYc4 #CyberSecurity… https://t
@transilienceai
1 Nov 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10227 The affiliate-toolkit plugin for WordPress is vulnerable to Store... https://t.co/tJXyYHmnek Customizable Vulnerability Alerts: https://t.co/U7998fz7yk
@VulmonFeeds
29 Oct 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10227 The affiliate-toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atkp_product shortcode in all versions up to, and including, … https://t.co/lmMGcdZ0y4
@CVEnew
29 Oct 2024
426 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes