Lucene search
K

1461 matches found

Nuclei
Nuclei
added 16 hours ago32 views

Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion

A directory traversal vulnerability in the Affiliate Datafeeds comdatafeeds component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1979 info: name: Joomla! Component Affiliate Datafeeds 880 - Local Fi...

6.8CVSS6.2AI score0.1115EPSS
Exploits1References5
Nuclei
Nuclei
added 16 hours ago24 views

WP AmASIN – The Amazon Affiliate Shop - Local File Inclusion

Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter. id: CVE-2014-4577 info: name: WP AmASIN – The Amazon Affiliate Shop -...

5CVSS7.2AI score0.03749EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago10 views

AffiliateImporterEb <= 1.0.6 - Reflected XSS

AffiliateImporterEb WordPress plugin through 1.0.6 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12732 info: name: AffiliateImporterEb =...

6.1CVSS6.1AI score0.00521EPSS
Exploits1References1
NVD
NVD
added 3 days ago7 views

CVE-2026-7559

The Affilia – Affiliate Program & Referral Tracking for WordPress plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.3.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00304EPSS
Exploits0References12
NVD
NVD
added 4 days ago6 views

CVE-2026-15296

The affiliate-toolkit – WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'atkpproduct' shortcode in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

6.4CVSS0.00266EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42803

The affiliate-toolkit – WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'atkpproduct' shortcode in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

6.4CVSS6.1AI score0.00266EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-15296

The affiliate-toolkit – WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'atkpproduct' shortcode in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

6.4CVSS6.1AI score0.00266EPSS
Exploits0References4
CVE
CVE
added 4 days ago7 views

CVE-2026-15296

The CVE-2026-15296 entry identifies a Stored Cross-Site Scripting vulnerability in the affiliate-toolkit – WP Affiliate Plugin with Amazon for WordPress, exploitable via the atkp_product shortcode in all versions

6.4CVSS6.1AI score0.00266EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-15296 affiliate-toolkit – WP Affiliate Plugin with Amazon <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The affiliate-toolkit – WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'atkpproduct' shortcode in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

6.4CVSS0.00266EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 2:53 p.m.9 views

EUVD-2026-39769

Affiliate Broken Access Control in Affiliates Manager = 2.9.49 versions...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 7:27 p.m.9 views

Malicious code in nottuff15 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea629a411d1555cb4dbc80aa218539333aefce15e110ad0a5eaa16e4a58ab5f3 nottuff15 is one entry in a coordinated npm namespace-spam campaign. The tarball ships auto-publish.sh, a bash script that copies the package content...

6.1AI score
Exploits0References4
The Hacker News
The Hacker News
added 2026/06/11 4:50 p.m.22 views

The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm

A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service RaaS schemes like LockBit aka Tenacious Mantis...

5.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.9 views

CVE-2026-24592

Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Affiliate Links: from n/a through 6.8.8.3...

5.3CVSS5.4AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.18 views

CVE-2026-7330

The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.8.8 This is due to insufficient input sanitization on the 'url' POST parameter in the aalurlstatssaveaction function and a complete absence of output escaping in...

7.2CVSS5.7AI score0.00366EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.9 views

CVE-2026-42759

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS.This issue affects Affiliate Super Assistent: from n/a through = 1.10.1...

7.1CVSS5.4AI score0.00146EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/30 9:23 a.m.14 views

WordPress Affiliate Super Assistent plugin <= 1.10.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Affiliate Super Assistent versions = 1.10.1...

7.1CVSS5.8AI score0.00146EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/05/27 11:16 a.m.17 views

CVE-2026-42759

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS.This issue affects Affiliate Super Assistent: from n/a through = 1.10.1...

7.1CVSS0.00146EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 9:49 a.m.10 views

CVE-2026-42759 WordPress Affiliate Super Assistent plugin <= 1.10.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS.This issue affects Affiliate Super Assistent: from n/a through = 1.10.1...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:49 a.m.40 views

CVE-2026-42759 WordPress Affiliate Super Assistent plugin <= 1.10.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS.This issue affects Affiliate Super Assistent: from n/a through = 1.10.1...

7.1CVSS0.00146EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.24 views

CVE-2026-42759

CVE-2026-42759 describes a stored XSS in the WordPress plugin “Timo Affiliate Super Assistent amazonsimpleadmin,” caused by improper neutralization of input during web page generation. Affected: Affiliate Super Assistent versions from n/a through

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
Rows per page
Query Builder