Vulnerabilities > Flamescorpion > Auto Affiliate Links > 6.4.2.2

DATE CVE VULNERABILITY TITLE RISK
2024-03-13 CVE-2024-1843 Missing Authorization vulnerability in Flamescorpion Auto Affiliate Links
The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3.
network
low complexity
flamescorpion CWE-862
4.3
4.3
2023-11-13 CVE-2023-47652 Cross-Site Request Forgery (CSRF) vulnerability in Flamescorpion Auto Affiliate Links
Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links allows Stored XSS.This issue affects Auto Affiliate Links: from n/a through 6.4.2.4.
network
low complexity
flamescorpion CWE-352
6.1
6.1