CVE-2017-14622

MEDIUM NUCLEI

WordPress 2kb Amazon Affiliates Store <2.1.1 - Cross-Site Scripting

Title source: nuclei

Description

Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php.

Nuclei Templates (1)

WordPress 2kb Amazon Affiliates Store <2.1.1 - Cross-Site Scripting

MEDIUMVERIFIEDby r3Y3r53

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/101050

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/144261/WordPress-2kb-Amazon-Affiliates-Store-2.1.0-Cross-Site-Scripting.html

[Issue Tracking, Vendor Advisory] https://wordpress.org/plugins/2kb-amazon-affiliates-store/#developers

Scores

CVSS v3 6.1

EPSS 0.0015

EPSS Percentile 34.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

2kblater/2kb_amazon_affiliates_store < 2.1.0

Published Sep 28, 2017

Tracked Since Feb 18, 2026