25 matches found
CVE-2025-13859
The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomizationsettings AJAX action in versions 1.0.0 to 1.3.9.3. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress AffiliateX plugin 1.0.0-1.3.9.3 - Authenticated (Subscriber+) Missing Authorization to Stored Cross-Site Scripting
Authenticated Subscriber+ Missing Authorization to Stored Cross-Site Scripting vulnerability discovered by kr0d in WordPress Plugin AffiliateX versions 1.0.0-1.3.9.3...
CVE-2025-13859
The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomizationsettings AJAX action in versions 1.0.0 to 1.3.9.3. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-13859 AffiliateX 1.0.0 - 1.3.9.3 - Authenticated (Subscriber+) Missing Authorization to Stored Cross-Site Scripting via save_customization_settings
The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomizationsettings AJAX action in versions 1.0.0 to 1.3.9.3. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-13859
CVE-2025-13859 affects the AffiliateX – Amazon Affiliate Plugin for WordPress. Wordfence and related sources document a vulnerability in versions 1.0.0 through 1.3.9.3 where a missing capability check on the save_customization_settings AJAX action allows authenticated users with Subscriber-level ...
EUVD-2026-2807
The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomizationsettings AJAX action in versions 1.0.0 to 1.3.9.3. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress plugin AffiliateX – Amazon Affiliate Plugin has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-69346
Missing Authorization vulnerability in WPCenter AffiliateX affiliatex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AffiliateX: from n/a through = 1.3.9.3...
CVE-2025-69346
Missing Authorization vulnerability in WPCenter AffiliateX affiliatex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AffiliateX: from n/a through = 1.3.9.3...
CVE-2025-69346 WordPress AffiliateX plugin <= 1.3.9.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPCenter AffiliateX affiliatex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AffiliateX: from n/a through = 1.3.9.3...
CVE-2025-69346
CVE-2025-69346 documents a Missing Authorization vulnerability in the WordPress plugin AffiliateX (AffiliateX – Amazon Affiliate Plugin) . Affected software: AffiliateX versions up to and including 1.3.9.3. Root cause: misconfigured access control allowing unauthorized actions. CVSS 3.1 is 5.4 (M...
CVE-2025-69346 WordPress AffiliateX plugin <= 1.3.9.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPCenter AffiliateX affiliatex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AffiliateX: from n/a through = 1.3.9.3...
WordPress AffiliateX plugin <= 1.3.9.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin AffiliateX versions = 1.3.9.3...
WordPress plugin AffiliateX 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
PT-2026-1475
Name of the Vulnerable Software and Affected Versions AffiliateX versions through 1.3.9.3 Description An authorization issue exists in AffiliateX, allowing exploitation due to incorrectly configured access control security levels. Recommendations Update AffiliateX to a version later than 1.3.9.3...
EUVD-2024-43544
Malicious code in bioql PyPI...
CVE-2024-49692
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPCenter AffiliateX affiliatex allows Stored XSS.This issue affects AffiliateX: from n/a through = 1.2.9...
CVE-2024-49692
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPCenter AffiliateX affiliatex allows Stored XSS.This issue affects AffiliateX: from n/a through = 1.2.9...
CVE-2024-49692
CVE-2024-49692 affects the WordPress AffiliateX plugin (versions
CVE-2024-49692 WordPress AffiliateX plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPCenter AffiliateX affiliatex allows Stored XSS.This issue affects AffiliateX: from n/a through = 1.2.9...