Vulnerabilities and security researches formultilevel-referral-plugin-for-woocommerce multilevel-referral-plugin-for-woocommerce
Direction: ascendingJun 06, 2024
Multilevel Referral Affiliate Plugin for WooCommerce # 127912ebc0a6ce0dc350a25618a0a12e35434240
- CVE, Research URL
- Date
- Jul 18, 2023
- Research Description
- Multilevel Referral Affiliate Plugin for WooCommerce [multilevel-referral-plugin-for-woocommerce] < 2.23 (closed) WordPress Multilevel Referral Affiliate Plugin for WooCommerce Plugin < 2.23 is vulnerable to Cross Site Scripting (XSS) Update the plugin to the latest version. Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Multilevel Referral Affiliate Plugin for WooCommerce Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 2.23.
- Affected versions
-
max 2.23.
- Status
-
vulnerable
Dec 03, 2024
Multilevel Referral Affiliate Plugin for WooCommerce # CVE-2024-53742
- CVE, Research URL
- Date
- Dec 02, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prism I.T. Systems Multilevel Referral Affiliate Plugin for WooCommerce allows Reflected XSS.This issue affects Multilevel Referral Affiliate Plugin for WooCommerce: from n/a through 2.27.
- Affected versions
-
max 2.27.
- Status
-
vulnerable
Mar 03, 2025
Multilevel Referral Affiliate Plugin for WooCommerce # CVE-2024-13750
- CVE, Research URL
- Date
- Mar 01, 2025
- Research Description
- The Multilevel Referral Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.27 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
- Affected versions
-
max 2.27.
- Status
-
vulnerable