3 matches found
CVE-2023-52175
CVE-2023-52175 affects the WordPress Auto Amazon Links – Amazon Associates Affiliate Plugin up through version 5.1.1. Root cause: improper neutralization of input during web page generation, enabling stored XSS. A fix is available in 5.1.2; update to a version later than 5.1.1 to mitigate. Patchs...
CVE-2024-9349
CVE-2024-9349 affects the WordPress plugin “Auto Amazon Links – Amazon Associates Affiliate Plugin” and is a reflected Cross-Site Scripting (XSS) vulnerability in how add_query_arg is used without proper escaping. It impacts all versions up to and including 5.4.2. Exploitation requires user inter...
CVE-2023-4482
The CVE-2023-4482 entry concerns the Auto Amazon Links plugin for WordPress. It is vulnerable to Stored Cross-Site Scripting via the style parameter due to insufficient input sanitization and output escaping in versions up to and including 5.3.1. Exploitation requires authenticated access with co...