6.1
CVSSv3

CVE-2024-9349

Published: 04/10/2024 Updated: 10/10/2024

Vulnerability Summary

Reflected XSS Vulnerability in Auto Amazon Links WordPress Plugin

The Auto Amazon Links – Amazon Associates Affiliate Plugin for WordPress has a Reflected Cross-Site Scripting issue. This happens because of improper escaping in the add_query_arg function for the URL. All versions until 5.4.2 have this issue. It allows attackers to insert harmful scripts into pages. The attacker needs to trick a user to click a link for the script to run.

Vulnerable Product Search on Vulmon Subscribe to Product

michaeluno auto amazon links