cleantalk
Vulnerabilities and Security Researches

WC Affiliate – A Full-fledged Affiliate Manager for WooCommerce, CVE-2024-12321

CVE, Research URL

CVE-2024-12321

Home page URL

Security reports for WC Affiliate – A Full-fledged Affiliate Manager for WooCommerce

Application

WC Affiliate – A Full-fledged Affiliate Manager for WooCommerce

Published on
Jan 27, 2025
Research Description
The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Affected versions
Min -, max 2.4.
Status
vulnerable
Previous vulnerability researches
Clever Addons for Elementor (CVE-2024-43324) , Aug 20, 2024
Clever Addons for Elementor (CVE-2024-10357) , Oct 27, 2024
Clever Addons for Elementor (CVE-2024-51580) , Nov 04, 2024
Clever Addons for Elementor (CVE-2024-2350) , Jun 07, 2024
Clever Addons for Elementor (CVE-2021-24273) , Jun 07, 2024
New vulnerability
EC Authorize.net (CVE-2025-46487) , May 07, 2025
TablePress – Tables in WordPress made easy (CVE-2024-45293) , May 07, 2025
Newsletter – Send awesome emails from WordPress (CVE-2025-3583) , May 07, 2025
Insert PHP Code Snippet (CVE-2024-43275) , May 07, 2025
Gutenverse – Gutenberg Blocks – Page Builder for Site Editor (CVE-2024-38785) , May 07, 2025