CVE-2023-4482
The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 198 live websites that are affected by CVE-2023-4482.
Affected Software
| Product |  Amazon Auto Links |
| Category | Wordpress Plugins |
| Vulnerable Domains | 198 live websites (9.16% of Amazon Auto Links install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 13 versions ( 59% of all versions) |
Details
- Published - Oct 20, 2023
- Updated - Feb 5, 2025
Credits
- Marco Wotschka (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2023-4482 United States | 78 websites |
 Japan | 30 websites |
 Germany | 28 websites |
 France | 9 websites |
 Cyprus | 8 websites |
 Spain | 7 websites |
 GB | 5 websites |
 Italy | 5 websites |
 Brazil | 3 websites |
Website Distribution by TLD
Number of websites using CVE-2023-4482| .com | 122 websites |
| .de | 19 websites |
| .net | 14 websites |
| .org | 8 websites |
| .jp | 3 websites |
| .co.uk | 3 websites |
| .fr | 3 websites |
| .info | 3 websites |
| .it | 3 websites |
| .at | 2 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-4482
Top websites that are affected by CVE-2023-4482. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.com | United States | **,*** | |
| ***********.com | United States | **,*** | |
| ***********.com | United States | ***,*** | |
| ***********.org | United States | ***,*** | |
| ****************.net | United States | ***,*** | |
| ************.com | United States | ***,*** | |
| *************.com |  Singapore | *,***,*** | |
| *************.***.br | Brazil | *,***,*** | |
| ****************.com | United States | *,***,*** | |
| *******************.com | United States | *,***,*** |
FAQ
A total of 198 websites have been identified as vulnerable to CVE-2023-4482, based on global website indexing conducted by WebTechSurvey.
The Amazon Auto Links is affected by the CVE-2023-4482 vulnerability.
Amazon Auto Links versions up to and including 5.3.1 are vulnerable to CVE-2023-4482.