Which WP Affiliate Platform CVEs are tracked?

WP Affiliate Platform tracked CVEs include CVE-2022-3898, CVE-2024-5280, CVE-2024-5287, CVE-2024-5284, and CVE-2024-5283.

How many WP Affiliate Platform vulnerabilities have patch guidance?

13 of 13 tracked WP Affiliate Platform records include a published patch path.

Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 13 known issues Latest disclosed Jul 08, 2024

WP Affiliate Platform Vulnerabilities

Review known vulnerability records for the WordPress plugin WP Affiliate Platform (`wp-affiliate-platform`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-5285, CVE-2024-5280 and CVE-2024-5287, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Aug 09, 2024

Priority CVE Quick Links

Fast paths into WP Affiliate Platform CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2022-3898 High 6.4.0

CVE-2022-3898 WP Affiliate Platform Cross-Site Request Forgery

WP Affiliate Platform <= 6.3.9 - Cross-Site Request Forgery

CVE-2024-5280 Medium 6.5.1

CVE-2024-5280 WP Affiliate Platform Cross-Site Scripting

WP Affiliate Platform <= 6.5.0 - Cross-Site Request Forgery to Cross-Site Scripting

CVE-2024-5287 Medium 6.5.1

CVE-2024-5287 WP Affiliate Platform Cross-Site Scripting

WP Affiliate Platform < 6.5.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

CVE-2024-5284 Medium 6.5.1

CVE-2024-5284 WP Affiliate Platform Stored Cross-Site Scripting

WP Affiliate Platform < 6.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2024-5283 Medium 6.5.1

CVE-2024-5283 WP Affiliate Platform Cross-Site Scripting

WP Affiliate Platform < 6.5.1 - Reflected Cross-Site Scripting via Lead Editing

CVE-2024-5281 Medium 6.5.1

CVE-2024-5281 WP Affiliate Platform Cross-Site Scripting

WP Affiliate Platform < 6.5.1 - Reflected Cross-Site Scripting via Affiliate Editing

CVE-2024-5282 Medium 6.5.1

CVE-2024-5282 WP Affiliate Platform Cross-Site Scripting

WP Affiliate Platform < 6.5.1 - Reflected Cross-Site Scripting via Registration Form

CVE-2024-5286 Medium 6.5.1

CVE-2024-5286 WP Affiliate Platform Cross-Site Scripting

WP Affiliate Platform < 6.5.1 - Reflected Cross-Site Scripting via Banner Editing

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for WP Affiliate Platform so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

13 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

0 critical and 1 high severity finding.

Recent CVEs

CVE-2024-5285, CVE-2024-5280 and CVE-2024-5287

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2024-5285 Medium Patch path listed

CVE-2024-5285: WP Affiliate Platform <= 6.5.1 - Cross-Site Request Forgery to Afilliate Deletion

The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.1. This is due to missing or incorrect nonce validation o...

Published

Jul 08, 2024

Patch Status

6.5.2

Open CVE-2024-5285 Report

CVE-2024-5280 Medium Patch path listed

CVE-2024-5280: WP Affiliate Platform <= 6.5.0 - Cross-Site Request Forgery to Cross-Site Scripting

The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.0. This is due to missing or incorrect nonce validation o...

Published

Jun 22, 2024

Patch Status

6.5.1

Open CVE-2024-5280 Report

CVE-2024-5287 Medium Patch path listed

CVE-2024-5287: WP Affiliate Platform < 6.5.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 6.5.1 (exclusive). This is due to missing or incorrect nonce validation on th...

Published

Jun 22, 2024

Patch Status

6.5.1

Open CVE-2024-5287 Report

Known Vulnerabilities

Reports for WP Affiliate Platform

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2024-5285

CVE-2024-5285: WP Affiliate Platform <= 6.5.1 - Cross-Site Request Forgery to Afilliate Deletion

The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.1. This is due to missing or incorrect nonce validation on the affiliate 'delete' functionality. This makes it possible for unauthenticated attacke...

Published

Jul 08, 2024

Patched Release

6.5.2

Affected Versions

Versions up to 6.5.1

Next Step

Update to 6.5.2 or newer if supported.

Open CVE-2024-5285 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-5280

CVE-2024-5280: WP Affiliate Platform <= 6.5.0 - Cross-Site Request Forgery to Cross-Site Scripting

The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.0. This is due to missing or incorrect nonce validation on the 'info_update' functionality. This makes it possible for unauthenticated attackers to...

Published

Jun 22, 2024

Patched Release

6.5.1

Affected Versions

Versions up to 6.5.0

Next Step

Update to 6.5.1 or newer if supported.

Open CVE-2024-5280 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-5287

CVE-2024-5287: WP Affiliate Platform < 6.5.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 6.5.1 (exclusive). This is due to missing or incorrect nonce validation on the info_update functionality. This makes it possible for unauthenticated attackers to injec...

Published

Jun 22, 2024

Patched Release

6.5.1

Affected Versions

Versions before 6.5.1

Next Step

Update to 6.5.1 or newer if supported.

Open CVE-2024-5287 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-5287

CVE-2024-5287: WP Affiliate Platform < 6.5.1 - Cross-Site Request Forgery to Profile Update

The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 6.5.1 (exclusive). This is due to missing or incorrect nonce validation on the profile update functionality. This makes it possible for unauthenticated attackers to up...

Published

Jun 22, 2024

Patched Release

6.5.1

Affected Versions

Versions before 6.5.1

Next Step

Update to 6.5.1 or newer if supported.

Open CVE-2024-5287 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-5284

CVE-2024-5284: WP Affiliate Platform < 6.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 6.5.1 (exclusive). This is due to missing or incorrect nonce validation on the wp_aff_platform_settings page. This makes it possible for unauthenticated attackers to u...

Published

Jun 22, 2024

Patched Release

6.5.1

Affected Versions

Versions before 6.5.1

Next Step

Update to 6.5.1 or newer if supported.

Open CVE-2024-5284 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-5283

CVE-2024-5283: WP Affiliate Platform < 6.5.1 - Reflected Cross-Site Scripting via Lead Editing

The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wp_aff_referrer' parameter in all versions up to 6.5.1 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attack...

Published

Jun 22, 2024

Patched Release

6.5.1

Affected Versions

Versions before 6.5.1

Next Step

Update to 6.5.1 or newer if supported.

Open CVE-2024-5283 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-5281

CVE-2024-5281: WP Affiliate Platform < 6.5.1 - Reflected Cross-Site Scripting via Affiliate Editing

The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'editaff' parameter in all versions up to 6.5.1 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to i...

Published

Jun 22, 2024

Patched Release

6.5.1

Affected Versions

Versions before 6.5.1

Next Step

Update to 6.5.1 or newer if supported.

Open CVE-2024-5281 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-5282

CVE-2024-5282: WP Affiliate Platform < 6.5.1 - Reflected Cross-Site Scripting via Registration Form

The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'afirstname' parameter in all versions up to 6.5.1 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

Published

Jun 22, 2024

Patched Release

6.5.1

Affected Versions

Versions before 6.5.1

Next Step

Update to 6.5.1 or newer if supported.

Open CVE-2024-5282 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-5286

CVE-2024-5286: WP Affiliate Platform < 6.5.1 - Reflected Cross-Site Scripting via Banner Editing

The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'editrecord' parameter in all versions up to 6.5.1 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

Published

Jun 22, 2024

Patched Release

6.5.1

Affected Versions

Versions before 6.5.1

Next Step

Update to 6.5.1 or newer if supported.

Open CVE-2024-5286 Report Open CVE Reference

Plugin High Patched: Yes CVE-2022-3898

CVE-2022-3898: WP Affiliate Platform <= 6.3.9 - Cross-Site Request Forgery

The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliates_menu method. This makes it possible for unauthent...

Published

Nov 08, 2022

Patched Release

6.4.0

Affected Versions

Versions up to 6.3.9

Next Step

Update to 6.4.0 or newer if supported.

Open CVE-2022-3898 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2022-3897

CVE-2022-3897: WP Affiliate Platform <= 6.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

The WP Affiliate Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administ...

Published

Nov 08, 2022

Patched Release

6.4.0

Affected Versions

Versions up to 6.3.9

Next Step

Update to 6.4.0 or newer if supported.

Open CVE-2022-3897 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2022-3896

CVE-2022-3896: WP Affiliate Platform <= 6.3.9 - Reflected Cross-Site Scripting

The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER["REQUEST_URI"] in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to i...

Published

Nov 08, 2022

Patched Release

6.4.0

Affected Versions

Versions up to 6.3.9

Next Step

Update to 6.4.0 or newer if supported.

Open CVE-2022-3896 Report Open CVE Reference