cleantalk
Vulnerabilities and Security Researches

WooCommerce Affiliate Plugin – Coupon Affiliates, CVE-2022-0818

CVE, Research URL

CVE-2022-0818

Home page URL

Security reports for WooCommerce Affiliate Plugin – Coupon Affiliates

Application

WooCommerce Affiliate Plugin – Coupon Affiliates

Published on
Mar 28, 2022
Research Description
The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin.
Affected versions
Min -, max 4.11.0.2.
Status
vulnerable
Previous vulnerability researches
WooCommerce Affiliate Plugin – Coupon Affiliates (CVE-2025-3598) , Apr 20, 2025
WooCommerce Affiliate Plugin – Coupon Affiliates (CVE-2024-12421) , Dec 15, 2024
WooCommerce Affiliate Plugin – Coupon Affiliates (CVE-2023-30475) , Jun 06, 2024
WooCommerce Affiliate Plugin – Coupon Affiliates (CVE-2022-0818) , Jun 06, 2024
WooCommerce Affiliate Plugin – Coupon Affiliates (CVE-2023-28992) , Jun 06, 2024
New vulnerability
Wallet System for WooCommerce – Digital Wallet, Cashback Rewards, Recharge User Wallets, View Transaction History (CVE-2025-54041) , Jul 19, 2025
Chatbox Manager (CVE-2025-48167) , Jul 19, 2025
Zuppler Online Ordering (CVE-2025-6053) , Jul 19, 2025
Counter live visitors for WooCommerce (CVE-2025-7359) , Jul 19, 2025
AntiSpam for Contact Form 7 (CVE-2025-54020) , Jul 19, 2025