cleantalk
Vulnerabilities and Security Researches

Affiliate Sales in Google Analytics and other tools, CVE-2024-12561

CVE, Research URL

CVE-2024-12561

Home page URL

Security reports for Affiliate Sales in Google Analytics and other tools

Application

Affiliate Sales in Google Analytics and other tools

Published on
May 21, 2025
Research Description
The Affiliate Sales in Google Analytics and other tools plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.4.9. This is due to insufficient validation on the redirect url supplied via the 'afflink' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
Affected versions
Min -, max 1.4.9.
Status
vulnerable
Previous vulnerability researches
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2024-11291) , Dec 19, 2024
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2024-12919) , Jan 15, 2025
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2025-31088) , Apr 02, 2025
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2021-24728) , Jun 07, 2024
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2024-32728) , Jun 07, 2024
New vulnerability
Glossary by WPPedia – Best Glossary plugin for WordPress (CVE-2025-4803) , May 28, 2025
Import Social Events (CVE-2025-48256) , May 28, 2025
MStore API (CVE-2025-4683) , May 28, 2025
WP Statistics , May 27, 2025
Hostinger , May 27, 2025