No API Amazon Affiliate < 4.4.0 – Admin+ Stored XSS | CVE 2023-22680

Affects Plugins

no-api-amazon-affiliate

Fixed in 4.4.0

References

CVE

CVE-2023-22680

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.5 (low)

Miscellaneous

Original Researcher

Mika

Verified

No

WPVDB ID

0ca5e5c2-890e-41a2-bac4-c2d52deea4e9

Timeline

Publicly Published

2023-01-13 (about 3 years ago)

Added

2023-03-20 (about 2 years ago)

Last Updated

2023-03-20 (about 2 years ago)

Other

Published

Title

Published

2024-05-24

Title

Similarity <= 3.0 - Stored XSS via CSRF

Published

2024-06-13

Title

Gutenberg Blocks by Kadence Blocks – Page Builder Features < 3.2.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter

Published

2023-12-05

Title

Email Subscription Popup < 1.2.19 - Reflected Cross-Site Scripting

Published

2024-03-12

Title

Sky Addons for Elementor < 2.5.0 - Authenticated(Contributor+) Stored Cross-site scripting via Wrapper Link URL

Published

2025-01-23

Title

WP Google Street View (with 360° virtual tour) & Google maps + Local SEO < 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting