CVE-2025-47660
- EPSS 0.16%
- Veröffentlicht 23.05.2025 12:43:22
- Zuletzt bearbeitet 23.05.2025 15:54:42
Deserialization of Untrusted Data vulnerability in Codexpert, Inc WC Affiliate allows Object Injection. This issue affects WC Affiliate: from n/a through 2.9.1.
CVE-2024-12336
- EPSS 0.15%
- Veröffentlicht 15.03.2025 03:23:24
- Zuletzt bearbeitet 28.03.2025 13:16:07
The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'export_all_data' function in all versions up to, and including, 2.5.3. This makes i...
CVE-2024-12321
- EPSS 0.1%
- Veröffentlicht 27.01.2025 06:15:22
- Zuletzt bearbeitet 13.05.2025 21:21:20
The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2024-12334
- EPSS 0.84%
- Veröffentlicht 26.01.2025 12:15:28
- Zuletzt bearbeitet 04.02.2025 19:32:48
The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. Th...