Vulnerabilities (CVE)

Filtered by vendor Cbads Subscribe
Filtered by product Clickbank Affiliate Ads
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-20106 1 Cbads 1 Clickbank Affiliate Ads 2024-11-21 3.5 LOW 4.8 MEDIUM
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
CVE-2015-20105 1 Cbads 1 Clickbank Affiliate Ads 2024-11-21 6.8 MEDIUM 9.6 CRITICAL
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues