Cross-Site Scripting Vulnerability in ThirstyAffiliates by Blair Williams
CVE-2025-67537
6.5MEDIUM
What is CVE-2025-67537?
A vulnerability exists in the ThirstyAffiliates plugin developed by Blair Williams, which allows for Stored Cross-Site Scripting (XSS) attacks. This issue arises from improper handling of user-generated input during web page rendering, potentially allowing attackers to inject malicious scripts that could be executed in the context of users' browsers. This vulnerability affects versions of ThirstyAffiliates up to 3.11.8. Proper input validation and sanitization measures are essential to mitigate the risk of such attacks.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
ThirstyAffiliates <= n/a
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Muhammad Yudha - DJ | Patchstack Bug Bounty Program