VYPR

Auto Affiliate Links

by WordPress

Source repositories

CVEs (9)

  • CVE-2024-34386HigMay 6, 2024
    risk 0.49cvss 7.6epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through 6.4.3.1.

  • CVE-2023-47652HigNov 13, 2023
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links allows Stored XSS.This issue affects Auto Affiliate Links: from n/a through 6.4.2.4.

  • CVE-2022-45840MedDec 13, 2024
    risk 0.42cvss 6.5epss 0.01

    Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Affiliate Links: from n/a through 6.2.1.5.

  • CVE-2026-7330HigMay 8, 2026
    risk 0.40cvss 7.2epss 0.00

    The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.8.8 This is due to insufficient input sanitization on the 'url' POST parameter in the aal_url_stats_save_action() function and a complete absence of…

  • CVE-2024-9838MedMay 15, 2025
    risk 0.35cvss 5.4epss 0.00

    The Auto Affiliate Links WordPress plugin before 6.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

  • CVE-2023-25973MedMar 13, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3.0.2 versions.

  • CVE-2026-24592MedMay 25, 2026
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Affiliate Links: from n/a through 6.8.8.3.

  • CVE-2023-22689MedMay 20, 2023
    risk 0.30cvss 4.6epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions.

  • CVE-2024-1843MedMar 13, 2024
    risk 0.28cvss 4.3epss 0.01

    The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access…