CVE-2026-7330 | thedark Auto Affiliate Links Plugin up to 6.8.8 on WordPress AJAX Endpoint aal_url_stats_save_action url cross site scripting (EUVD-2026-28540)

A vulnerability identified as problematic has been detected in thedark Auto Affiliate Links Plugin up to 6.8.8 on WordPress. The affected element is the function aal_url_stats_save_action of the component AJAX Endpoint. Performing a manipulation of the argument url results in cross site scripting.

This vulnerability is cataloged as CVE-2026-7330. It is possible to initiate the attack remotely. There is no exploit available.

You should upgrade the affected component.VulDB Recent EntriesRead More