Auto Affiliate Links Plugin <= 6.8.8

The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to 6.8.8 due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts into the admin statistics page.