Cross-site Scripting Vulnerability in Affiliate Links Manager by Winking
CVE-2025-27273

5.8MEDIUM

Key Information:

Vendor: WordPress
Status: Affiliate Links Manager
Vendor: CVE Published:; 3 March 2025

What is CVE-2025-27273?

The Affiliate Links Manager by Winking is exposed to a Cross-site Scripting vulnerability due to improper input handling during web page generation. This flaw allows attackers to inject malicious scripts, which can be executed in the context of a user's browser, potentially compromising sensitive information. Users of the plugin, particularly those on versions from n/a to 1.0, are strongly advised to implement necessary security measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

Affiliate Links Manager <= 1.0

References

https://patchstack.com/database/wordpress/plugin/affiliat...

vdb-entry

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 3, 2025
Vulnerability Reserved
Feb 21, 2025

Credit

johska (Patchstack Alliance)