Vulnerabilities and security researches forwoocommerce-cloak-affiliate-links woocommerce-cloak-affiliate-links

Jan 26, 2025

CVE, Research URL: CVE-2025-24647
Home page URL: Security reports for WooCommerce Cloak Affiliate Links
Application: WooCommerce Cloak Affiliate Links
Date: Jan 24, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in datafeedr.com WooCommerce Cloak Affiliate Links allows Cross Site Request Forgery. This issue affects WooCommerce Cloak Affiliate Links: from n/a through 1.0.35.
Affected versions: Min -, max -.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: CVE-2024-1308
Home page URL: Security reports for WooCommerce Cloak Affiliate Links
Application: WooCommerce Cloak Affiliate Links
Date: Apr 10, 2024
Research Description: The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'permalink_settings_save' function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to modify the affiliate permalink base, driving traffic to malicious sites via the plugin's affiliate links.
Affected versions: Min -, max -.
Status: vulnerable