What the vulnerability does
01Description
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
CVE-2015-20106
CVE-2015-20106: ClickBank Affiliate Ads <= 1.20 - Admin+ Stored Cross-Site Scripting
CVSS base score
—
Key dates
02Disclosure timeline
December 2, 2021
CVE published
August 6, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-41305 PostCSS has XSS via Unescaped </style> in its CSS Stringify Output
CVE-2023-25982 WordPress Simple YouTube Responsive Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-5351 Cross-site Scripting (XSS) - Stored in salesagility/suitecrm
CVE-2023-43715 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
CVE-2026-20085 Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
