Stored Cross-Site Scripting Vulnerability in Affiliate Super Assistent by Timo
CVE-2026-42759

7.1HIGH

Key Information:

Vendor: WordPress
Status: Affiliate Super Assistent
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-42759?

The Affiliate Super Assistent plugin developed by Timo has a vulnerability that allows for stored Cross-Site Scripting (XSS). This occurs due to improper neutralization of input during web page generation, enabling malicious scripts to be executed in the context of users who view affected content. This vulnerability affects versions of the plugin up to 1.10.1, posing a serious risk for websites utilizing the plugin.

Affected Version(s)

Affiliate Super Assistent 0 <= 1.10.1

References

https://patchstack.com/database/Wordpress/Plugin/amazonsi...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Apr 29, 2026

Credit

Nguyen Ba Khanh | Patchstack Bug Bounty Program

CVE-2026-42759 Data

JSON