CVE-2025-53285: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in The Website Flip Add & Replace Affiliate Links for Amazon plugin through version 1.0.6. The vulnerability was discovered by Nabil Irawan and publicly disclosed on June 27, 2025 (NVD, Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) issue. It has been assigned a CVSS v3.1 base score of 5.9 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L. The vulnerability is tracked as CWE-79 (Patchstack).

This vulnerability could allow attackers to inject malicious scripts, which may lead to redirects, unauthorized advertisements, and other malicious HTML payloads being executed when visitors access the affected site. The impact is considered medium severity due to the requirement of high privileges for exploitation (Patchstack).

As there is no official fix available and the software is considered abandoned, users are strongly advised to remove and replace the plugin with an alternative solution (Patchstack).