Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 3 | Critical: 0 | High: 1 | Medium: 2
Showing 1-3 of 3 records
Threat Entry Updated 2026-05-08

CVE-2026-7330 - Auto Affiliate Links Plugin

The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.8.8. This is due to insufficient input sanitization on the 'url' POST parameter in the aal_url_stats_save_action() function and a complete absence of output escaping in aal_display_clicks(), where the stored value is echoed directly into an anchor element's href attribute and inner text without esc_url(), esc_attr(), or esc_html(). This makes it possible for unauthenticated attackers to inject arbitrary web scripts into the admin statistics page that execute in an administrator's browser when…

PLUGIN Auto Affiliate Links

CVE-2026-7330

HIGH CVSS 7.2 2026-05-08
Threat Entry Updated 2025-06-12

CVE-2024-9838 - Auto Affiliate Links Plugin

The Auto Affiliate Links WordPress plugin before 6.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.

PLUGIN Auto Affiliate Links

CVE-2024-9838

MEDIUM CVSS 5.4 2025-05-15
Threat Entry Updated 2025-04-03

CVE-2024-1843 - Auto Affiliate Links Plugin

The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or higher, to add arbitrary links to posts.

PLUGIN Auto Affiliate Links

CVE-2024-1843

MEDIUM CVSS 4.3 2024-03-13