PT-2025-46246 · WordPress · Auto Amazon Links – Amazon Associates Affiliate Plugin

Rafshanzani Suhada · Published 2025-11-11 · Updated 2025-11-11 · CVE-2025-11451

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Auto Amazon Links – Amazon Associates Affiliate Plugin versions prior to 5.4.4

Description

The Auto Amazon Links – Amazon Associates Affiliate Plugin for WordPress is susceptible to unauthorized access to arbitrary files. This is possible through the /wp-json/wp/v2/aal_ajax_unit_loading REST API endpoint, which allows unauthenticated attackers to read the contents of files on the server, potentially exposing sensitive information.

Recommendations

Update the Auto Amazon Links – Amazon Associates Affiliate Plugin to version 5.4.4 or later.
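
Sites that ran a version prior to 5.4.4 can review web server access logs for requests to the endpoint named in the description. The following is an added example, not code from the advisory or the plugin; it assumes Combined Log Format, the underscore spelling of the route (aal_ajax_unit_loading), and constructed sample log lines.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

# Route named in the advisory; the underscore spelling is an assumption.
ENDPOINT = "/wp-json/wp/v2/aal_ajax_unit_loading"

# Combined Log Format: ip, timestamp, request line, status, response size.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Nov/2025:08:01:02 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 5120 "-" "curl/8.5"',
    '198.51.100.7 - - [10/Nov/2025:08:02:10 +0000] "POST /wp-json/wp/v2/aal_ajax_unit_loading HTTP/1.1" 200 2048 "-" "x"',
    '198.51.100.7 - - [10/Nov/2025:08:02:11 +0000] "POST /?rest_route=%2Fwp%2Fv2%2Faal_ajax_unit_loading HTTP/1.1" 200 911 "-" "x"',
    '203.0.113.5 - - [10/Nov/2025:08:05:00 +0000] "GET /blog/wp-json/wp/v2/aal_ajax_unit_loading/ HTTP/1.1" 404 153 "-" "x"',
]

def is_endpoint_hit(target):
    """Match the route as a pretty-permalink path or via ?rest_route=."""
    parts = urlsplit(target)
    if unquote(parts.path).rstrip("/").endswith(ENDPOINT):
        return True
    routes = parse_qs(parts.query).get("rest_route", [])
    return any(r.rstrip("/") == ENDPOINT[len("/wp-json"):] for r in routes)

def summarize(lines):
    """Per-client request count, 2xx count and 2xx response bytes for the route."""
    hits = defaultdict(lambda: {"requests": 0, "ok": 0, "bytes": 0, "first": None, "last": None})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_endpoint_hit(m["target"]):
            continue
        rec = hits[m["ip"]]
        rec["requests"] += 1
        if m["status"].startswith("2"):
            rec["ok"] += 1
            rec["bytes"] += 0 if m["size"] == "-" else int(m["size"])
        rec["first"] = rec["first"] or m["ts"]
        rec["last"] = m["ts"]
    return dict(hits)

if __name__ == "__main__":
    for ip, rec in summarize(SAMPLE_LOG).items():
        print(ip, rec)
```

Clients with successful (2xx) responses from this route before the update to 5.4.4 are the ones to prioritise when deciding whether secrets readable by the web server need rotation.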

Related Identifiers

CVE-2025-11451

Affected Products

Auto Amazon Links – Amazon Associates Affiliate Plugin