cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches foramazon-auto-links amazon-auto-links

Direction: ascending
Jun 06, 2024

Auto Amazon Links – Amazon Associates Affiliate Plugin # CVE-2023-52175

CVE, Research URL

CVE-2023-52175

Home page URL

Security reports for Auto Amazon Links – Amazon Associates Affiliate Plugin

Application

Auto Amazon Links – Amazon Associates Affiliate Plugin

Date
Feb 01, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Uno (miunosoft) Auto Amazon Links – Amazon Associates Affiliate Plugin allows Stored XSS.This issue affects Auto Amazon Links – Amazon Associates Affiliate Plugin: from n/a through 5.1.1.
Affected versions
max 5.1.2.
Status
vulnerable

Auto Amazon Links – Amazon Associates Affiliate Plugin # ea8ada99d7342506fe8f445633af4e9370f3358b

CVE, Research URL

ea8ada99d7342506fe8f445633af4e9370f3358b

Home page URL

Security reports for Auto Amazon Links – Amazon Associates Affiliate Plugin

Application

Auto Amazon Links – Amazon Associates Affiliate Plugin

Date
Aug 16, 2021
Research Description
Auto Amazon Links &#8211; Amazon Associates Affiliate Plugin [amazon-auto-links] < 4.6.20 (closed) WordPress Auto Amazon Links plugin <= 4.6.19 - Reflected Cross-Site Scripting (XSS) vulnerability Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Auto Amazon Links plugin (versions <= 4.6.19).
Affected versions
max 4.6.20.
Status
vulnerable

Auto Amazon Links &#8211; Amazon Associates Affiliate Plugin # CVE-2023-4482

CVE, Research URL

CVE-2023-4482

Home page URL

Security reports for Auto Amazon Links &#8211; Amazon Associates Affiliate Plugin

Application

Auto Amazon Links &#8211; Amazon Associates Affiliate Plugin

Date
Oct 20, 2023
Research Description
The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 5.3.2.
Status
vulnerable
Oct 05, 2024

Auto Amazon Links &#8211; Amazon Associates Affiliate Plugin # CVE-2024-9349

CVE, Research URL

CVE-2024-9349

Home page URL

Security reports for Auto Amazon Links &#8211; Amazon Associates Affiliate Plugin

Application

Auto Amazon Links &#8211; Amazon Associates Affiliate Plugin

Date
Oct 04, 2024
Research Description
The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.4.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 5.4.3.
Status
vulnerable
Dec 11, 2025

Auto Amazon Links &#8211; Amazon Associates Affiliate Plugin # CVE-2025-11451

CVE, Research URL

CVE-2025-11451

Home page URL

Security reports for Auto Amazon Links &#8211; Amazon Associates Affiliate Plugin

Application

Auto Amazon Links &#8211; Amazon Associates Affiliate Plugin

Date
Nov 11, 2025
Research Description
The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary files reads in all versions up to, and including, 5.4.3 via the '/wp-json/wp/v2/aal_ajax_unit_loading' RST API endpoint. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Affected versions
max 5.4.3.
Status
vulnerable