CVE-2015-20105

CVE-2015-20105: ClickBank Affiliate Ads <= 1.20 - CSRF to Stored Cross-Site Scripting

Vendor Unknown

Product ClickBank Affiliate Ads

Weakness CWE-79 · XSS

Published December 2, 2021

Last update August 6, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues

Key dates

02Disclosure timeline

December 2, 2021 CVE published

August 6, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2015-20105 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-46263 WordPress Author Box After Posts plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability CVE-2022-42360 AEM Reflected XSS Arbitrary code execution CVE-2025-23583 WordPress Explara Membership plugin <= 0.0.7 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-2066 SourceCodester Computer Inventory System add-computer.php cross site scripting CVE-2025-61657