CVSS 3.1 Score 4.3 of 10 (medium)


Published Mar 13, 2024


CVE-2024-1843 is a vulnerability found in the Auto Affiliate Links plugin for WordPress, affecting all versions up to and including 6.4.3. The vulnerability allows authenticated attackers with subscriber access or higher to add arbitrary links to posts, as a capability check is missing on the aalAddLink function. It has a base severity rating of MEDIUM with a base score of 4.3 and an exploitability score of 2.8, indicating a potential danger to organizations using this plugin. The impact score is 1.4, with low integrity and no confidentiality impact. Remediation for this vulnerability would involve updating to a version that addresses the issue once it becomes available.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-1843 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options