Reflected XSS Vulnerability in Affiliate Tools Việt Nam by leduchuy89vn
CVE-2025-23759

7.1HIGH

Key Information:

Vendor: WordPress
Status: Affiliate Tools Việt Nam
Vendor: CVE Published:; 31 January 2025

Summary

A reflected XSS vulnerability exists in the Affiliate Tools Việt Nam plugin created by leduchuy89vn. This issue stems from improper neutralization of user input during web page generation, which allows attackers to inject malicious scripts. Affected versions include those up to and including 0.3.17. If exploited, this vulnerability could enable unauthorized actions within user sessions, potentially leading to data theft and compromising user security.

Affected Version(s)

Affiliate Tools Việt Nam <= 0.3.17

References

https://patchstack.com/database/wordpress/plugin/affiliat...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)