Description
WordPress Plugin Affiliates Manager is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin Affiliates Manager version 2.6.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.6.6 or latest
References
Related Vulnerabilities
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9481)
osCommerce Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-18573)
WordPress Plugin Convert Docx2post Arbitrary File Upload (1.4)
Joomla! Core 3.x.x Multiple Cross-Site Request Forgery Vulnerabilities (3.2.0 - 3.9.15)
WordPress Plugin Z-Vote 'zvote' Parameter SQL Injection (1.1)