CVE-2017-14622
The WordPress plugin 2kb Amazon Affiliates Store (versions before 2.1.1) contains multiple cross-site scripting (XSS) vulnerabilities. An attacker can inject arbitrary script or HTML via the kbAmz page parameters (page or kbAction) sent to wp-admin/admin.php, potentially theft of cookie-based cre...