CVE-2025-46506
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2025-46506 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Lora77 WpZon – Amazon Affiliate Plugin. This issue permits an attacker to conduct reflected Cross-Site Scripting (XSS) attacks against unsuspecting users. The plugin, used for integrating the Amazon affiliate program into WordPress websites, is affected from version n/a through 1.3. An attacker can exploit this vulnerability by tricking a user into clicking a malicious link, which leads to the execution of harmful scripts within the user's web browser. This can result in data theft, unauthorized actions, or other security breaches. Users are recommended to update to the latest, secure version of the plugin as soon as possible to mitigate the risk.