CVE-2025-14734

CVE-2025-14734 concerns the Amazon affiliate lite Plugin for WordPress. The vulnerability is a Cross-Site Request Forgery (CSRF) affecting all versions up to 1.0.0, caused by missing or incorrect nonce validation in the ADAL_settings_page function. This enables unauthenticated attackers to update...

EUVD-2025-12014

Malicious code in bioql PyPI...

CVE-2025-46506

Cross-Site Request Forgery CSRF vulnerability in Lora77 WpZon – Amazon Affiliate Plugin wpzon allows Reflected XSS.This issue affects WpZon – Amazon Affiliate Plugin: from n/a through = 1.3...

CVE-2025-46506

Cross-Site Request Forgery CSRF vulnerability in Lora77 WpZon – Amazon Affiliate Plugin wpzon allows Reflected XSS.This issue affects WpZon – Amazon Affiliate Plugin: from n/a through = 1.3...

CVE-2025-46506

CVE-2025-46506 describes a CSRF-to-Reflected XSS in the WordPress plugin WpZon – Amazon Affiliate Plugin (versions

WordPress plugin WpZon – Amazon Affiliate Plugin 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery...

CVE-2025-2077

CVE-2025-2077 – Simple Amazon Affiliate (WordPress) Description: WordPress plugin Simple Amazon Affiliate is vulnerable to Reflected Cross-Site Scripting via the msg parameter in all versions up to and including 1.0.9. The vulnerability arises from insufficient input sanitization and output escap...

CVE-2023-22680

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Altanic No API Amazon Affiliate plugin = 4.2.2 versions...

CVE-2023-22680 WordPress No API Amazon Affiliate Plugin <= 4.2.2 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Altanic No API Amazon Affiliate plugin = 4.2.2 versions...

PT-2023-18625 · Altanic · Altanic No Api Amazon Affiliate Plugin

Name of the Vulnerable Software and Affected Versions: Altanic No API Amazon Affiliate plugin versions = 4.2.2 Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with admin access can inject malicious scripts into the...

WordPress Plugin No API Amazon Affiliate 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

Amazon Affiliate < 3.17.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the tab parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/admin.php?page=aawp-settings=%22onclick%3Dprompt%288%29%3E%3Csvg%2Fonload%3Dprompt%288%29%3E%22%40x.y...