{"api_version":"1","generated_at":"2026-04-23T10:21:25+00:00","cve":"CVE-2022-0398","urls":{"html":"https://cve.report/CVE-2022-0398","api":"https://cve.report/api/cve/CVE-2022-0398.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-0398","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-0398"},"summary":{"title":"CVE-2022-0398","description":"The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website","state":"PUBLIC","assigner":"contact@wpscan.com","published_at":"2022-04-25 16:16:00","updated_at":"2023-11-07 03:41:00"},"problem_types":["CWE-352","CWE-862"],"metrics":[],"references":[{"url":"https://wpscan.com/vulnerability/21aec131-91ff-4300-ac7a-0bf31d6b2b24","name":"https://wpscan.com/vulnerability/21aec131-91ff-4300-ac7a-0bf31d6b2b24","refsource":"MISC","tags":[],"title":"Attention Required! | Cloudflare","mime":"text/html","httpstatus":"403","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-0398","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0398","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"caseproof","cpe5":"thirstyaffiliates_affiliate_link_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-0398","ASSIGNER":"contact@wpscan.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-862 Missing Authorization"}]},{"description":[{"lang":"eng","value":"CWE-352 Cross-Site Request Forgery (CSRF)"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Unknown","product":{"product_data":[{"product_name":"ThirstyAffiliates Affiliate Link Manager","version":{"version_data":[{"version_affected":"<","version_name":"0","version_value":"3.10.5"}]}}]}}]}},"references":{"reference_data":[{"url":"https://wpscan.com/vulnerability/21aec131-91ff-4300-ac7a-0bf31d6b2b24","refsource":"MISC","name":"https://wpscan.com/vulnerability/21aec131-91ff-4300-ac7a-0bf31d6b2b24"}]},"generator":{"engine":"WPScan CVE Generator"},"source":{"discovery":"EXTERNAL"},"credits":[{"lang":"en","value":"Krzysztof ZajÄ…c"},{"lang":"en","value":"WPScan"}]},"nvd":{"publishedDate":"2022-04-25 16:16:00","lastModifiedDate":"2023-11-07 03:41:00","problem_types":["CWE-352","CWE-862"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.3,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.9},"severity":"MEDIUM","exploitabilityScore":6.8,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:caseproof:thirstyaffiliates_affiliate_link_manager:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"3.10.5","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"398","Ordinal":"227325","Title":"CVE-2022-0398","CVE":"CVE-2022-0398","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"398","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}