AA-Team WooCommerce Sales Funnel Builder and Amazon Affiliates Addon for WPBakery Page Builder Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in AA-Team WooCommerce Sales Funnel Builder versions through 1.1 and the AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) versions through 1.2. This vulnerability arises from improper input neutralization during web page generation, allowing attackers to inject malicious scripts that could be executed when users visit the affected page.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Remediation

Users are advised to update to versions of the WooCommerce Sales Funnel Builder and Amazon Affiliates Addon for WPBakery Page Builder that are not vulnerable to this issue. Patchstack has issued a mitigation rule to block attacks until an official fix is available.