The changelog entry for version 2.1.1 of the plugin 2kb Amazon Affiliates Store is “Security fix, thanks to Ricardo”. In looking over the changes made in that version we found it was a reflected cross-site scripting (XSS) vulnerability that was fixed. (After we finished up writing this post a report was released from the discoverer of the vulnerability, but it is inaccurate

Share This

We are using cookies on our website

Please confirm, if you accept our tracking cookies. You can also decline the tracking, so you can continue to visit our website without any data sent to third party services.