The changelog entry for version 2.1.1 of the plugin 2kb Amazon Affiliates Store is “Security fix, thanks to Ricardo”. In looking over the changes made in that version we found it was a reflected cross-site scripting (XSS) vulnerability that was fixed. (After we finished up writing this post a report was released from the discoverer of the vulnerability, but it is inaccurate in a ...
To read the rest of this post you need to have an active account with our service.
For existing customers, please log in to your account to view the rest of the post.
If you are not currently a customer, when you sign up now you can try the service for half off (there are a lot of other reason that you will want to sign up beyond access to posts like this one).
If you are a WordPress plugin security researcher please contact us to get free access to all of our Vulnerability Details posts.