Vulnerabilities and security researches forwp-auto-affiliate-links wp-auto-affiliate-links

Jun 07, 2024

CVE, Research URL: 32a7cdf6fa345f0043ffab261989233ee8db7233
Home page URL: Security reports for Auto Affiliate Links
Application: Auto Affiliate Links
Date: Jul 15, 2015
Research Description: Auto Affiliate Links [wp-auto-affiliate-links] < 5.0 WordPress Auto Affiliate Links Plugin <= 4.9.9.4 - Blind SQL Injection Because of this vulnerability, authenticated users can execute arbitrary SQL commands. Update the plugin.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-25973
Home page URL: Security reports for Auto Affiliate Links
Application: Auto Affiliate Links
Date: Mar 13, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3.0.2 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-1843
Home page URL: Security reports for Auto Affiliate Links
Application: Auto Affiliate Links
Date: Mar 13, 2024
Research Description: The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or higher, to add arbitrary links to posts.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-34386
Home page URL: Security reports for Auto Affiliate Links
Application: Auto Affiliate Links
Date: May 07, 2024
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through 6.4.3.1.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-22689
Home page URL: Security reports for Auto Affiliate Links
Application: Auto Affiliate Links
Date: May 21, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-47652
Home page URL: Security reports for Auto Affiliate Links
Application: Auto Affiliate Links
Date: Nov 13, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links allows Stored XSS.This issue affects Auto Affiliate Links: from n/a through 6.4.2.4.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2022-45840
Home page URL: Security reports for Auto Affiliate Links
Application: Auto Affiliate Links
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Affiliate Links: from n/a through 6.2.1.5.
Affected versions: Min -, max -.
Status: vulnerable