CVE-2026-7330 | thedark Auto Affiliate Links Plugin up to 6.8.8 on WordPress AJAX Endpoint aal_url_stats_save_action url cross site scripting

Inserito da Angelo Barbosa | Mag 8, 2026 | CVE

A vulnerability identified as problematic has been detected in thedark Auto Affiliate Links Plugin up to 6.8.8 on WordPress. The affected element is the function aal_url_stats_save_action of the component AJAX Endpoint. Performing a manipulation of the argument url results in cross site scripting.

This vulnerability is cataloged as CVE-2026-7330. It is possible to initiate the attack remotely. There is no exploit available.

You should upgrade the affected component.

CVE-2026-7330 | thedark Auto Affiliate Links Plugin up to 6.8.8 on WordPress AJAX Endpoint aal_url_stats_save_action url cross site scripting

Post correlati

CVE-2025-66132 | FAPI Member Plugin up to 2.2.26 on WordPress authorization

CVE-2026-5944 | Nutanix Cisco Intersight Device Connector for Prism Central API Passthrough Endpoint missing authentication

CVE-2024-12916 | Agito Computer Life4All prior 10.01.2025 sql injection

CVE-2024-0735 | SourceCodester Online Tours & Travels Management System 1.0 expense.php exec sql injection