This page aggregates CVE and security vulnerability intelligence across all ifeelweb-related products, including CVSS scores, EPSS scores, and publication dates.
Common weakness patterns include cross-site scripting and CSRF, with potential impact including session compromise across software deployment and production workload use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-8478 | The Affiliate Super Assistent plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.5.3. This is due to the software allowing users to supply arbitrary shortcodes in comments when the 'Parse comments' option is enabled. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | [email protected] | 7.3 | 1.87% | 2024-09-10 | 2024-09-26 |
| CVE-2023-47766 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timo Reith Post Status Notifier Lite plugin <= 1.11.0 versions. | [email protected] | 7.1 | 0.09% | 2023-11-22 | 2024-11-21 |
| CVE-2023-27417 | Cross-Site Request Forgery (CSRF) vulnerability in Timo Reith Affiliate Super Assistent plugin <= 1.5.1 versions. | [email protected] | 4.3 | 0.09% | 2023-11-12 | 2024-11-21 |
| CVE-2022-4325 | The Post Status Notifier Lite WordPress plugin before 1.10.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high privilege users such as admin. | [email protected] | 6.1 | 2.84% | 2023-01-09 | 2025-04-09 |