RedefiningTheWeb Affiliate Pro 2.1.2 for WordPress

CPE Details

RedefiningTheWeb Affiliate Pro 2.1.2 for WordPress
redefiningtheweb
affiliate_pro
2.1.2
2024-10-09
11h35 +00:00
2024-10-09
11h35 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:redefiningtheweb:affiliate_pro:2.1.2:*:*:*:*:wordpress:*:*

Informations

Vendor

redefiningtheweb

Product

affiliate_pro

Version

2.1.2

Target Software

wordpress

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-9289 2024-10-01 08h30 +00:00 The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwap_login_request_callback() function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated attackers to log in as any user, including administrators, granted they have access to the administrator's email.
9.8
Critical
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.