Auto Affiliate Links
Missing authorization in the Auto Affiliate Links WordPress plugin (all versions through 6.8.8.3) allows unauthenticated remote attackers to bypass access control checks and perform unauthorized write operations against affiliate link configurations. The vulnerability is classified as broken access control (CWE-862) and was reported by Patchstack. No public exploit code exists and no active exploitation has been confirmed: EPSS sits at 0.03% (8th percentile) and SSVC exploitation status is 'none', indicating negligible real-world threat activity at time of analysis even though the attack is fully automatable and requires no authentication.
The Auto Affiliate Links WordPress plugin before 6.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. The vulnerability is rated medium severity (CVSS 5.4) and is remotely exploitable with low attack complexity. Public exploit code is available, and no vendor patch is available.