Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1 vulnerability by affiliatebooster

    CVE-2023-49148 (GCVE-0-2023-49148)

    Vulnerability from cvelistv5 – Published: 2023-12-18 22:08 – Updated: 2026-04-28 16:08
    VLAI
    Title
    WordPress Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates Plugin <= 3.0.5 is vulnerable to Cross Site Request Forgery (CSRF)
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates.This issue affects Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5.
    Severity
    5.4 (Medium)
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Credits
    LEE SE HYOUNG (Patchstack Alliance)
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:46:29.324Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/affiliatebooster-blocks/wordpress-affiliate-booster-plugin-3-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "affiliatebooster-blocks",
          "product": "Affiliate Booster \u2013 Pros \u0026 Cons, Notice, and CTA Blocks for Affiliates",
          "vendor": "Kulwant Nagi",
          "versions": [
            {
              "lessThanOrEqual": "3.0.5",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "LEE SE HYOUNG (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affiliate Booster \u2013 Pros \u0026 Cons, Notice, and CTA Blocks for Affiliates.\u003cp\u003eThis issue affects Affiliate Booster \u2013 Pros \u0026 Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5.\u003c/p\u003e"
            }
          ],
          "value": "Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affiliate Booster \u2013 Pros \u0026 Cons, Notice, and CTA Blocks for Affiliates.This issue affects Affiliate Booster \u2013 Pros \u0026 Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:08:55.765Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/affiliatebooster-blocks/wordpress-affiliate-booster-plugin-3-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Affiliate Booster \u2013 Pros \u0026 Cons, Notice, and CTA Blocks for Affiliates Plugin \u003c= 3.0.5 is vulnerable to Cross Site Request Forgery (CSRF)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-49148",
    "datePublished": "2023-12-18T22:08:11.992Z",
    "dateReserved": "2023-11-22T23:35:38.289Z",
    "dateUpdated": "2026-04-28T16:08:55.765Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}