CVE-2025-13624 | Overstock Affiliate Links Plugin up to 1.1 on WordPress $_SERVER[‘PHP_SELF’] cross site scripting

Inserito da Angelo Barbosa | Dic 19, 2025 | CVE

A vulnerability marked as problematic has been reported in Overstock Affiliate Links Plugin up to 1.1 on WordPress. This issue affects some unknown processing. The manipulation of the argument $_SERVER[‘PHP_SELF’] leads to cross site scripting.

This vulnerability is traded as CVE-2025-13624. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2025-13624 | Overstock Affiliate Links Plugin up to 1.1 on WordPress $_SERVER[‘PHP_SELF’] cross site scripting

Post correlati

CVE-2024-2295 | Contact Form Manager Plugin up to 1.6.1 on WordPress cross site scripting

CVE-2022-50176 | Linux Kernel up to 5.4.210/5.10.136/5.15.60/5.18.17/5.19.1 for_each_available_child_of_node reference count

CVE-2025-26358 | Nozomi Q-Free MaxTime up to 2.11.0 HTTP ldbMT.so input validation

CVE-2025-7583 | PHPGurukul Online Fire Reporting System 1.2 /admin/all-requests.php teamid sql injection