CVE-2024-9349

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-9349

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9349.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-9349

Published

2024-10-04T05:15:12.820Z

Modified

2026-04-10T05:20:12.251786Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 5.4.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

References

Affected packages

Git / github.com/michaeluno/amazon-auto-links

Affected ranges

Type

GIT

Repo

https://github.com/michaeluno/amazon-auto-links

Events

Introduced

Fixed

1fb1fb89b36377a073d123b44575972b683d36b6

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.4.3"
        }
    ]
}

Affected versions

2.*

2.1.0

2.1.1

2.1.2

2.2.0

2.2.1

Other

3.*

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

3.10.0

3.10.1

3.11.0

3.11.1

3.2.0

3.2.1

3.2.2

3.2.3

3.2.4

3.3.0

3.3.1

3.3.4

3.3.5

3.3.6

3.4.0

3.4.1

3.4.10

3.4.11

3.4.12

3.4.13

3.4.2

3.4.3

3.4.4

3.4.5

3.4.6

3.4.7

3.4.8

3.4.9

3.5.0

3.5.1

3.5.2

3.5.3

3.5.4

3.5.5

3.5.6

3.5.7

3.5.7.1

3.6.0

3.6.1

3.6.2

3.6.3

3.6.4

3.6.5

3.6.6

3.6.7

3.7.0

3.7.1

3.7.10

3.7.2

3.7.3

3.7.4

3.7.5

3.7.6

3.7.7

3.7.8

3.7.9

3.8.0

3.8.1

3.8.10

3.8.11

3.8.12

3.8.19

3.8.2

3.8.3

3.8.4

3.8.5

3.8.6

3.8.7

3.8.8

3.9.0

3.9.1

3.9.2

3.9.3

3.9.4

3.9.5

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.1.0

4.2.0

4.2.1

4.2.2

4.2.3

4.3.0

4.3.1

4.3.4

4.3.5

4.4.0

4.4.1

4.4.2

4.4.3

4.4.4

4.5.0

4.5.1

4.5.2

4.5.3

4.5.4

4.5.5

4.5.6

4.5.7

4.5.8

4.5.9

4.6.0

4.6.1

4.6.2

4.6.3

4.7.0

4.7.0b03

4.7.1

4.7.2

4.7.3

4.7.4

4.7.5

4.7.6

4.7.7

4.7.8

4.7.9

5.*

5.0.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

5.2.5

5.3.0

5.4.0

5.4.1

5.4.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9349.json"