Flamescorpion Auto Affiliate Links — known CVE vulnerabilities
Every CVE whose affected-product data names Flamescorpion Auto Affiliate Links, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2023-47652 — CVSS 7.1 (high): Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links allows Stored XSS.This issue affects Auto Affiliate…
CVE-2023-25973 — CVSS 5.4 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3.0.2 versions.
CVE-2024-9838 — CVSS 5.4 (medium): The Auto Affiliate Links WordPress plugin before 6.4.7 does not sanitize and escape a parameter before using it in a SQL statement…
CVE-2023-22689 — CVSS 4.6 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions.
CVE-2024-1843 — CVSS 4.3 (medium): The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the…