WordPress AffiliateWP plugin SQL Injection Vulnerability

WordPress AffiliateWP plugin an affiliate marketing plugin designed for the WordPress platform, mainly used to help users quickly build an affiliate program, track referrals, pay commissions and other functions. WordPress AffiliateWP plugin suffers from a SQL injection vulnerability that stems fr...

EUVD-2025-31707

Malicious code in bioql PyPI...

CVE-2025-8877

The AffiliateWP plugin for WordPress is vulnerable to SQL Injection via the ajaxgetaffiliateidfromlogin function in all versions up to, and including, 2.28.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

WordPress AffiliateWP plugin <= 2.28.2 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by LionTree in WordPress Plugin AffiliateWP versions = 2.28.2...

PT-2025-39962

Name of the Vulnerable Software and Affected Versions AffiliateWP plugin for WordPress versions up to and including 2.28.2 Description The AffiliateWP plugin for WordPress is susceptible to SQL Injection through the ajax get affiliate id from login function. This is due to inadequate escaping of...

CVE-2025-53460

CVE-2025-53460 affects the AffiliateWP – External Referral Links WordPress plugin (up to version 1.2.0). It is a Stored Cross-Site Scripting vulnerability caused by improper input neutralization during page generation. The issue is confirmed in connected sources (Wordfence vulnerability data) and...

WordPress plugin AffiliateWP – External Referral Links 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that provides the ability to host a personal blog site on a PHP and MySQL based server. A cross-site scripting vulnerability exists...