VDB-107205 · CVE-2017-14622 · BID 101050

2kb Amazon Affiliates Store Plugin up to 2.1.0 on WordPress wp-admin/admin.php page/kbAction cross site scripting

A vulnerability was found in 2kb Amazon Affiliates Store Plugin up to 2.1.0 on WordPress (WordPress Plugin). It has been classified as problematic. This affects an unknown function of the file wp-admin/admin.php. Upgrading to version 2.1.1 eliminates this vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

ID	Commited	User	Field	Change	Remarks	Moderated	Reason	C
10820241	01/14/2021	VulD...	cvss2_nvd_basescore	4.3	nist.gov	01/14/2021	accepted	90
10820240	01/14/2021	VulD...	person_name	rsanchezr	securityfocus.com	01/14/2021	accepted	70
7144273	11/20/2019	VulD...	securityfocus_class	Input Validation Error	securityfocus.com	11/20/2019	accepted	100
7144272	11/20/2019	VulD...	securityfocus_date	1506556800 (09/28/2017)	securityfocus.com	11/20/2019	accepted	100
7144263	11/20/2019	VulD...	confirm_url	https://wordpress.org/plugins/2kb-amazon-affiliates-store/#developers	wordpress.org	11/20/2019	accepted	100
7144224	11/20/2019	VulD...	discoverydate	1505865600		11/20/2019	accepted	100
7144283	09/28/2017	VulD...	cvss3_nvd_basescore	6.1	nist.gov	09/28/2017	accepted	90
7144282	09/28/2017	VulD...	0day_days	7		09/28/2017	accepted	90
7144281	09/28/2017	VulD...	cvss3_vuldb_rc	X		09/28/2017	accepted	90
7144280	09/28/2017	VulD...	cvss3_vuldb_rl	O		09/28/2017	accepted	90
7144279	09/28/2017	VulD...	cvss3_vuldb_e	X		09/28/2017	accepted	90
7144278	09/28/2017	VulD...	cvss2_vuldb_rc	ND		09/28/2017	accepted	90
7144277	09/28/2017	VulD...	cvss2_vuldb_rl	OF		09/28/2017	accepted	90
7144276	09/28/2017	VulD...	cvss2_vuldb_e	ND		09/28/2017	accepted	90
7144275	09/28/2017	VulD...	location	Website		09/28/2017	accepted	90
7144274	09/28/2017	VulD...	securityfocus_title	WordPress 2kb Amazon Affiliates Store Plugin Multiple Cross Site Scripting Vulnerabilities	securityfocus.com	09/28/2017	accepted	100
7144271	09/28/2017	VulD...	securityfocus	101050	securityfocus.com	09/28/2017	accepted	100
7144270	09/28/2017	VulD...	cve_nvd_summary	Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php.	mitre.org	09/28/2017	accepted	100
7144269	09/28/2017	VulD...	cve_nvd_published	1506470400	mitre.org	09/28/2017	accepted	100
7144268	09/28/2017	VulD...	cve_assigned	1505865600	mitre.org	09/28/2017	accepted	100