Mtdesigninfo

**Name of the Vulnerable Software and Affected Versions** wp-tmkm-amazon plugin versions 1.5b and earlier **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `AID` parameter in the wp-tmkm-amazon-search.php file. **Recommendations** For wp-tmkm-amazon plugin versions 1.5b and earlier, avoid using the `AID` parameter in the affected API endpoint until the issue is resolved.