WordPress Plugin Vulnerabilities

2kb Amazon Affiliates Store <= 2.1.0 - Authenticated Cross-Site Scripting (XSS)

Description

The 2kb Amazon Affiliates Store WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
2kb-amazon-affiliates-store
Fixed in 2.1.1

References

CVE
CVE-2017-14622
URL
https://packetstormsecurity.com/files/#144261/
URL
https://plugins.trac.wordpress.org/changeset/1732307/2kb-amazon-affiliates-store

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
67184c4f-6b5b-49b9-a7d5-e7f8ddee415e

Timeline

Publicly Published
2017-09-20 (about 6 years ago)
Added
2017-09-28 (about 6 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other

Published
Title
Published
2021-02-27
Title
Under Construction, Coming Soon & Maintenance Mode < 1.1.2 - Reflected Cross-Site Scripting (XSS)
Published
2022-08-10
Title
Create Pinterest Pinboard Pages <= 1.0 - Subscriber+ Settings Update to Stored XSS
Published
2023-02-23
Title
CM Answers < 3.2.0 - Admin+ Stored XSS
Published
2024-03-16
Title
OxyExtras < 1.4.5 - Unauthenticated Cross-Site Scripting
Published
2011-01-21
Title
Statpresscn <= 1.9.0 - Multiple XSS