Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

10 matches found

RedhatCVE
RedhatCVEadded 2026/01/16 2:23 p.m.4 views

CVE-2025-13859

The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomizationsettings AJAX action in versions 1.0.0 to 1.3.9.3. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS5.6AI score0.00045EPSS
Exploits0References1
Patchstack
Patchstackadded 2026/01/16 6:38 a.m.6 views

WordPress AffiliateX plugin 1.0.0-1.3.9.3 - Authenticated (Subscriber+) Missing Authorization to Stored Cross-Site Scripting

Authenticated Subscriber+ Missing Authorization to Stored Cross-Site Scripting vulnerability discovered by kr0d in WordPress Plugin AffiliateX versions 1.0.0-1.3.9.3...

6.4CVSS5.8AI score0.00045EPSS
Exploits0References1Affected Software1
NVD
NVDadded 2026/01/15 2:16 p.m.2 views

CVE-2025-13859

The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomizationsettings AJAX action in versions 1.0.0 to 1.3.9.3. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS0.00045EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/01/15 1:23 p.m.2 views

CVE-2025-13859 AffiliateX 1.0.0 - 1.3.9.3 - Authenticated (Subscriber+) Missing Authorization to Stored Cross-Site Scripting via save_customization_settings

The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomizationsettings AJAX action in versions 1.0.0 to 1.3.9.3. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS5.2AI score0.00045EPSS
Exploits0References3
CVE
CVEadded 2026/01/15 1:23 p.m.13 views

CVE-2025-13859

CVE-2025-13859 affects the AffiliateX – Amazon Affiliate Plugin for WordPress. Wordfence and related sources document a vulnerability in versions 1.0.0 through 1.3.9.3 where a missing capability check on the save_customization_settings AJAX action allows authenticated users with Subscriber-level ...

6.4CVSS5.2AI score0.00045EPSS
Exploits0References3
EUVD
EUVDadded 2026/01/15 1:23 p.m.3 views

EUVD-2026-2807

The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomizationsettings AJAX action in versions 1.0.0 to 1.3.9.3. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS5.1AI score0.00045EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/01/06 4:36 p.m.2 views

CVE-2025-69346 WordPress AffiliateX plugin <= 1.3.9.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPCenter AffiliateX affiliatex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AffiliateX: from n/a through = 1.3.9.3...

4.3CVSS6.6AI score0.00031EPSS
Exploits0References1
CVE
CVEadded 2026/01/06 4:36 p.m.6 views

CVE-2025-69346

CVE-2025-69346 documents a Missing Authorization vulnerability in the WordPress plugin AffiliateX (AffiliateX – Amazon Affiliate Plugin) . Affected software: AffiliateX versions up to and including 1.3.9.3. Root cause: misconfigured access control allowing unauthorized actions. CVSS 3.1 is 5.4 (M...

4.3CVSS6.6AI score0.00031EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/01/06 4:36 p.m.24 views

CVE-2025-69346 WordPress AffiliateX plugin <= 1.3.9.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPCenter AffiliateX affiliatex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AffiliateX: from n/a through = 1.3.9.3...

4.3CVSS0.00031EPSS
Exploits0References1
Patchstack
Patchstackadded 2024/10/21 9:39 a.m.3 views

WordPress AffiliateX plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin AffiliateX versions = 1.2.9...

6.5CVSS6.1AI score0.00211EPSS
Exploits0Affected Software1
Rows per page
Query Builder