Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/01/15 1:23 p.m.26 views

CVE-2025-13859 AffiliateX 1.0.0 - 1.3.9.3 - Authenticated (Subscriber+) Missing Authorization to Stored Cross-Site Scripting via save_customization_settings

The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomizationsettings AJAX action in versions 1.0.0 to 1.3.9.3. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS0.00166EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/15 1:23 p.m.4 views

CVE-2025-13859

The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomizationsettings AJAX action in versions 1.0.0 to 1.3.9.3. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS5.8AI score0.00166EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.11 views

PT-2026-3004

Name of the Vulnerable Software and Affected Versions AffiliateX – Amazon Affiliate Plugin versions 1.0.0 through 1.3.9.3 Description The AffiliateX – Amazon Affiliate Plugin for WordPress is susceptible to unauthorized data modification because of a missing capability check on the save...

6.4CVSS6.1AI score0.00166EPSS
Exploits0References6
OSV
OSV
added 2024/10/29 11:15 a.m.7 views

CVE-2024-49692

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in AffiliateX allows Stored XSS.This issue affects AffiliateX: from n/a through 1.2.9...

5.4CVSS5.8AI score0.00233EPSS
Exploits0References1
Rows per page
Query Builder