CVE-2017-14622
MEDIUM NUCLEIWordPress 2kb Amazon Affiliates Store <2.1.1 - Cross-Site Scripting
Title source: nucleiExploitation Summary
CVE-2017-14622 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php.
Nuclei Templates (1)
WordPress 2kb Amazon Affiliates Store <2.1.1 - Cross-Site Scripting
MEDIUMVERIFIEDby r3Y3r53
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101050
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/144261/WordPress-2kb-Amazon-Affiliates-Store-2.1.0-Cross-Site-Scripting.html
Issue Tracking, Vendor Advisory x_refsource_confirm
https://wordpress.org/plugins/2kb-amazon-affiliates-store/#developers
Scores
CVSS v3
6.1
EPSS
0.0289
EPSS Percentile
85.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
2kblater/2kb_amazon_affiliates_store
< 2.1.0
Published
Sep 28, 2017
Tracked Since
Feb 18, 2026