CVE-2024-5285

Name of the Vulnerable Software and Affected Versions wp-affiliate-platform versions prior to 6.5.2

Description The issue concerns a lack of CSRF check when deleting affiliates, which could allow attackers to make a logged-in user change or delete them via a CSRF attack.

Recommendations For versions prior to 6.5.2, update to version 6.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the affiliate deletion functionality until the update is applied.