WordPress Overstock Affiliate Links plugin <= 1.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Overstock Affiliate Links versions = 1.1...

CVE-2025-13624 Overstock Affiliate Links <= 1.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Overstock Affiliate Links plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...