cleantalk
Vulnerabilities and Security Researches

WC Affiliate – A Full-fledged Affiliate Manager for WooCommerce, CVE-2024-12321

CVE, Research URL

CVE-2024-12321

Home page URL

Security reports for WC Affiliate – A Full-fledged Affiliate Manager for WooCommerce

Application

WC Affiliate – A Full-fledged Affiliate Manager for WooCommerce

Published on
Jan 27, 2025
Research Description
The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Affected versions
Min -, max 2.4.
Status
vulnerable
Previous vulnerability researches
Premium Addons for Elementor (CVE-2024-6495) , Jul 13, 2024
Premium Addons for Elementor (CVE-2024-56225) , Dec 23, 2024
Premium Addons for Elementor (CVE-2024-2664) , Jun 07, 2024
Premium Addons for Elementor (CVE-2021-24257) , Jun 07, 2024
Premium Addons for Elementor (CVE-2024-1242) , Jun 07, 2024
New vulnerability
BP Messages Tool (CVE-2025-43839) , May 07, 2025
EC Authorize.net (CVE-2025-46487) , May 07, 2025
TablePress – Tables in WordPress made easy (CVE-2024-45293) , May 07, 2025
Newsletter – Send awesome emails from WordPress (CVE-2025-3583) , May 07, 2025
Insert PHP Code Snippet (CVE-2024-43275) , May 07, 2025