CVE-2023-4482

The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access to inject...

WordPress Plugin Auto Amazon Links - Amazon Associates Affiliate Arbitrary File Read Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An arbitrary file read vulnerability exists in the WordPress plugin Auto Amazon Links - Amazon...

CVE-2025-11451

The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary files reads in all versions up to, and including, 5.4.3 via the '/wp-json/wp/v2/aalajaxunitloading' RST API endpoint. This makes it possible for unauthenticated attackers to read the content...

CVE-2025-11451

The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary files reads in all versions up to, and including, 5.4.3 via the '/wp-json/wp/v2/aalajaxunitloading' RST API endpoint. This makes it possible for unauthenticated attackers to read the content...

CVE-2025-11451 Auto Amazon Links – Amazon Associates Affiliate Plugin <= 5.4.3 - Unauthenticated Arbitrary File Read

The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary files reads in all versions up to, and including, 5.4.3 via the '/wp-json/wp/v2/aalajaxunitloading' RST API endpoint. This makes it possible for unauthenticated attackers to read the content...

CVE-2025-11451

CVE-2025-11451 affects the WordPress plugin Auto Amazon Links – Amazon Associates Affiliate Plugin and allows unauthenticated arbitrary file reads via the WP REST endpoint /wp-json/wp/v2/aal_ajax_unit_loading in versions up to 5.4.3. The exposure can reveal sensitive server contents. Public discl...

CVE-2025-11451 Auto Amazon Links – Amazon Associates Affiliate Plugin <= 5.4.3 - Unauthenticated Arbitrary File Read

The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary files reads in all versions up to, and including, 5.4.3 via the '/wp-json/wp/v2/aalajaxunitloading' RST API endpoint. This makes it possible for unauthenticated attackers to read the content...

WordPress Auto Amazon Links – Amazon Associates Affiliate Plugin plugin <= 5.4.3 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Auto Amazon Links versions = 5.4.3...

PT-2025-46246

Name of the Vulnerable Software and Affected Versions Auto Amazon Links – Amazon Associates Affiliate Plugin versions prior to 5.4.4 Description The Auto Amazon Links – Amazon Associates Affiliate Plugin for WordPress is susceptible to unauthorized access to arbitrary files. This is possible...

WordPress plugin Auto Amazon Links – Amazon Associates Affiliate Plugin 安全漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An arbitrary file read vulnerability exists in the WordPress plugin Auto Amazon Links - Amazon...

EUVD-2023-56848

Malicious code in bioql PyPI...

EUVD-2023-54337

Malicious code in bioql PyPI...

EUVD-2024-49875

Malicious code in bioql PyPI...

PT-2025-27191 · Unknown · Add &Amp; Replace Affiliate Links For Amazon

Name of the Vulnerable Software and Affected Versions: Add & Replace Affiliate Links for Amazon versions 1.0.0 through 1.0.6 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks...

CVE-2024-9349

The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 5.4.2. This makes it possible for unauthenticated attackers t...

CVE-2023-52175

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michael Uno miunosoft Auto Amazon Links – Amazon Associates Affiliate Plugin allows Stored XSS.This issue affects Auto Amazon Links – Amazon Associates Affiliate Plugin: from n/a through 5.1.1...

CVE-2024-9349

The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 5.4.2. This makes it possible for unauthenticated attackers t...

CVE-2024-9349

The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 5.4.2. This makes it possible for unauthenticated attackers t...

CVE-2024-9349

CVE-2024-9349 affects the WordPress plugin “Auto Amazon Links – Amazon Associates Affiliate Plugin” and is a reflected Cross-Site Scripting (XSS) vulnerability in how add_query_arg is used without proper escaping. It impacts all versions up to and including 5.4.2. Exploitation requires user inter...

WordPress Auto Amazon Links plugin <= 5.4.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Auto Amazon Links versions = 5.4.2...