Vulnerabilities > Flamescorpion > Auto Affiliate Links > 3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-13 | CVE-2024-1843 | Missing Authorization vulnerability in Flamescorpion Auto Affiliate Links The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. | 4.3 |
| 2023-11-13 | CVE-2023-47652 | Cross-Site Request Forgery (CSRF) vulnerability in Flamescorpion Auto Affiliate Links Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links allows Stored XSS.This issue affects Auto Affiliate Links: from n/a through 6.4.2.4. | 6.1 |
| 2023-05-20 | CVE-2023-22689 | Cross-Site Request Forgery (CSRF) vulnerability in Flamescorpion Auto Affiliate Links Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions. | 8.8 |
| 2023-03-13 | CVE-2023-25973 | Cross-Site Request Forgery (CSRF) vulnerability in Flamescorpion Auto Affiliate Links Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3.0.2 versions. | 8.8 |