cleantalk
Vulnerabilities and Security Researches

Auto Amazon Links – Amazon Associates Affiliate Plugin, 24863e26f4c5a031f0669dbeae65f73aed63e7a4

CVE, Research URL

24863e26f4c5a031f0669dbeae65f73aed63e7a4

Home page URL

Security reports for Auto Amazon Links – Amazon Associates Affiliate Plugin

Application

Auto Amazon Links – Amazon Associates Affiliate Plugin

Published on
Aug 16, 2021
Research Description
Auto Amazon Links &#8211; Amazon Associates Affiliate Plugin [amazon-auto-links] < 4.6.20 (closed) Amazon Auto Links <= 4.6.19 - Reflected Cross-Site Scripting The Amazon Auto Links plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' and 'name' values in versions up to, and including, 4.6.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 4.6.20.
Status
vulnerable
Previous vulnerability researches
WPvivid Backup for MainWP (ec00cf2f6a6757dc3371250c1689bf0e482f89f9) , Jun 16, 2026
WPvivid Backup for MainWP (2c3fbbc425bd92d0f969e669e6a4b8564997aa02) , Jun 16, 2026
WPvivid Backup for MainWP (CVE-2024-35664) , Jun 06, 2024
WPvivid Backup for MainWP (CVE-2024-1383) , Jun 06, 2024
New vulnerability
Booking Package (e7eb5243d3af9fd38973f7d59bebc6d698472b0b) , Jun 16, 2026
WP Simple Spreadsheet Fetcher for Google (f8fce47113e556ee0530bb8582de7956f1271b31) , Jun 16, 2026
WP Simple Spreadsheet Fetcher for Google (f224ff37-4126-49bc-b432-0d1e177abec8) , Jun 16, 2026
Team Showcase (6b13bc31f18e37d9599254d9ab05927592e1f19f) , Jun 16, 2026
Team Showcase (5b6a6c2a49333beeedb438830a1e82e7ac78d8e6) , Jun 16, 2026