CVE-2025-62077
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-01-27
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| seoseon_europe_s.l | affiliate_link_tracker | to 0.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-62077 is a Stored Cross Site Scripting (XSS) vulnerability in the WordPress Affiliate Link Tracker Plugin (versions up to 0.2). It allows a malicious actor to inject and execute malicious scripts such as redirects, advertisements, or other HTML payloads on websites using the affected plugin. Exploitation requires interaction by a privileged user, specifically an administrator, who must perform an action like clicking a malicious link, visiting a crafted page, or submitting a form. [1]
How can this vulnerability impact me? :
This vulnerability can lead to the execution of malicious scripts on your website, potentially causing unauthorized redirects, displaying unwanted advertisements, or other harmful actions. Since exploitation requires administrator interaction, the risk is moderate, but it could compromise site integrity, user trust, and potentially lead to further attacks if exploited. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for suspicious input or script injections in the Affiliate Link Tracker plugin, especially actions performed by administrators. Since exploitation requires administrator interaction with crafted inputs, you can audit logs for unusual administrator activities such as clicking unknown links or submitting unexpected forms. Additionally, scanning web pages generated by the plugin for injected scripts or unexpected HTML payloads can help detect exploitation attempts. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting administrator access to trusted users only, educating administrators to avoid clicking suspicious links or submitting untrusted forms, and monitoring for unusual activity. Since no official fix or patched version is currently available, applying strict input validation and sanitization on the server side, if possible, can help reduce risk. Also, consider disabling or limiting the use of the affected Affiliate Link Tracker plugin until a patch is released. [1]