Medium severity6.1NVD Advisory· Published Sep 28, 2017· Updated May 13, 2026

CVE-2017-14622

Description

Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php.

Affected products

2kblater/2kb Amazon Affiliates Store
cpe:2.3:a:2kblater:2kb_amazon_affiliates_store:*:*:*:*:*:wordpress:*:*
Range: <=2.1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/144261/WordPress-2kb-Amazon-Affiliates-Store-2.1.0-Cross-Site-Scripting.htmlnvdExploitThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/101050nvdThird Party AdvisoryVDB Entry
wordpress.org/plugins/2kb-amazon-affiliates-store/nvdIssue TrackingVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000