CVE-2025-47660
- EPSS 0.32%
- Veröffentlicht 23.05.2025 12:43:22
- Zuletzt bearbeitet 15.04.2026 00:35:42
Deserialization of Untrusted Data vulnerability in Codexpert, Inc WC Affiliate wc-affiliate allows Object Injection.This issue affects WC Affiliate: from n/a through <= 2.16.
CVE-2024-12336
- EPSS 0.14%
- Veröffentlicht 15.03.2025 03:23:24
- Zuletzt bearbeitet 08.04.2026 19:19:58
The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'export_all_data' function in all versions up to, and including, 2.5.3. This makes i...
CVE-2024-12321
- EPSS 0.1%
- Veröffentlicht 27.01.2025 06:15:22
- Zuletzt bearbeitet 13.05.2025 21:21:20
The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2024-12334
- EPSS 0.56%
- Veröffentlicht 26.01.2025 12:15:28
- Zuletzt bearbeitet 04.02.2025 19:32:48
The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. Th...