Lucene search
K

8 matches found

NVD
NVD
added 6 days ago6 views

CVE-2026-15296

The affiliate-toolkit – WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'atkpproduct' shortcode in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

6.4CVSS0.00266EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42803

The affiliate-toolkit – WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'atkpproduct' shortcode in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

6.4CVSS6.1AI score0.00333EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/04 9:30 a.m.12 views

EUVD-2026-18971

The Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpscdisplayproduct' shortcode in all versions up to, and including, 5.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6.1AI score0.00195EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 8:18 a.m.5 views

CVE-2024-10227

The affiliate-toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atkpproduct shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

6.4CVSS5AI score0.00333EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/10/29 5:11 a.m.4 views

WordPress affiliate-toolkit plugin <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via atkp_product Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via atkpproduct Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin affiliate-toolkit versions = 3.6.5...

6.4CVSS5.8AI score0.00333EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/29 12:0 a.m.7 views

PT-2024-16126

Name of the Vulnerable Software and Affected Versions affiliate-toolkit plugin for WordPress versions up to, and including, 3.6.5 Description The issue is related to Stored Cross-Site Scripting via the plugin's atkp product shortcode due to insufficient input sanitization and output escaping on...

6.4CVSS6.2AI score0.00333EPSS
Exploits0References17
wpexploit
wpexploit
added 2021/10/05 12:0 a.m.490 views

Booking.com Product Helper < 1.0.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed When creating a "New product shortcode" you can inject XSS payloads like --! i...

4.8CVSS0.1AI score0.00598EPSS
Exploits2
NVD
NVD
added 2021/04/12 2:15 p.m.37 views

CVE-2021-24226

In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the accessallyorderform shortcode is dumping serialize$SERVER, which contains all environment variables. The leakage occurs on all public facing pages containing the...

7.5CVSS0.05404EPSS
Exploits2References1
Rows per page
Query Builder