Auto Affiliate Links

auto_affiliate_links

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-9838 1Flamescorpion 1Auto Affiliate Links Jun 17, 2026 May 15, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Auto Affiliate Links WordPress plugin before 6.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
CVE-2024-1843 1Flamescorpion 1Auto Affiliate Links Jun 17, 2026 Mar 13, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it pos...Show more The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or higher, to add arbitrary links to posts.Show less
CVE-2023-47652 1Flamescorpion 1Auto Affiliate Links Jun 17, 2026 Nov 13, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links allows Stored XSS.This issue affects Auto Affiliate Links: from n/a through 6.4.2.4.
CVE-2023-22689 1Flamescorpion 1Auto Affiliate Links Jun 17, 2026 May 20, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions.
CVE-2023-25973 1Flamescorpion 1Auto Affiliate Links Jun 17, 2026 Mar 13, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3.0.2 versions.