Stored XSS Found In WordPress Affiliates Manager Plugin

If you are using any version of the Affiliates Manager plugin for WordPress lower than 2.7.8, be sure to update as soon as possible.

A Stored Cross-Site Scripting (XSS) Vulnerability was found on September 14th, 2020.

A proof of concept will be released on September 28th, 2020. This means underground forums and dark web sites will most likely be hosting the details of the vulnerability.

Why is it important to update due to an XSS Vulnerability?

Website owners may underestimate the issues XSS vulnerabilities can cause because they don’t generally affect the website data.

With XSS, especially a stored XSS, any website running a vulnerable version of this plugin could easily be used in a phishing campaign.

Additionally, stored XSS can be used to inject JavaScript into your page, tricking your users into entering data or passing data to a third-party website.
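
To check an installation against the 2.7.8 threshold given above, this added example (not code from the plugin or from this post) reads the version from the plugin's header comment and compares it numerically, so that 2.7.10 is not mistaken for older than 2.7.8. The plugin directory name `affiliates-manager` and the file `main.php` in the demo are assumptions, and the sample header is constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED_VERSION = "2.7.8"  # first fixed release, per the advisory text

# WordPress plugin metadata lives in a comment header of the main PHP file.
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:", re.MULTILINE | re.IGNORECASE)
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.MULTILINE | re.IGNORECASE)


def version_tuple(version, width=4):
    """'2.7.10' -> (2, 7, 10, 0); a plain string compare would sort it below 2.7.8."""
    nums = []
    for part in version.split(".")[:width]:
        m = re.match(r"\d+", part)
        nums.append(int(m.group()) if m else 0)
    return tuple(nums + [0] * (width - len(nums)))


def audit(plugin_dir, fixed=FIXED_VERSION):
    """Return (status, version) for one plugin directory."""
    plugin_dir = Path(plugin_dir)
    if not plugin_dir.is_dir():
        return ("not-installed", None)
    for php in sorted(plugin_dir.glob("*.php")):
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        if not NAME_RE.search(head):
            continue  # not the main plugin file
        m = VERSION_RE.search(head)
        if not m:
            return ("unknown", None)  # header without a version: review by hand
        older = version_tuple(m.group(1)) < version_tuple(fixed)
        return ("vulnerable" if older else "patched", m.group(1))
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample: a fake plugin directory with a 2.7.7 header.
    root = Path(tempfile.mkdtemp()) / "affiliates-manager"  # assumed directory name
    root.mkdir()
    (root / "main.php").write_text(
        "<?php\n/*\n * Plugin Name: Affiliates Manager\n * Version: 2.7.7\n */\n"
    )
    print(audit(root))
```

Point `audit()` at the plugin's directory under `wp-content/plugins` on each site; any result other than `patched` or `not-installed` needs attention.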
