CVE-2025-14734 Amazon affiliate lite Plugin <= 1.0.0 - Cross-Site Request Forgery to Plugin Settings Update

The Amazon affiliate lite Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the 'ADALsettingspage' function. This makes it possible for unauthenticated attackers to update...

PT-2025-52545

Name of the Vulnerable Software and Affected Versions Amazon affiliate lite Plugin versions prior to 1.0.1 Description The “Amazon affiliate lite Plugin” for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allow...

WordPress Affiliate AI Lite plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Affiliate AI Lite versions = 1.0.1...