CVE-2026-32520

Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through = 1.0.4...

PT-2026-28034

Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through = 1.0.4...

CVE-2023-4600

The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwpactivateaddonspageplugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated attackers, with...

WordPress AffiliateWP plugin SQL Injection Vulnerability

WordPress AffiliateWP plugin an affiliate marketing plugin designed for the WordPress platform, mainly used to help users quickly build an affiliate program, track referrals, pay commissions and other functions. WordPress AffiliateWP plugin suffers from a SQL injection vulnerability that stems fr...

EUVD-2023-54453

Malicious code in bioql PyPI...

EUVD-2025-31707

Malicious code in bioql PyPI...

EUVD-2025-30757

Malicious code in bioql PyPI...

CVE-2025-8877

The AffiliateWP plugin for WordPress is vulnerable to SQL Injection via the ajaxgetaffiliateidfromlogin function in all versions up to, and including, 2.28.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2025-8877

The AffiliateWP plugin for WordPress is vulnerable to SQL Injection via the ajaxgetaffiliateidfromlogin function in all versions up to, and including, 2.28.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2025-8877 AffiliateWP <= 2.28.2 - Unauthenticated SQL Injection

The AffiliateWP plugin for WordPress is vulnerable to SQL Injection via the ajaxgetaffiliateidfromlogin function in all versions up to, and including, 2.28.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2025-8877

The AffiliateWP WordPress plugin is affected by an unauthenticated SQL Injection in all versions up to 2.28.2, via the ajax_get_affiliate_id_from_login function due to insufficient escaping and lack of prepared statements. This could allow attackers to append additional SQL to existing queries an...

WordPress AffiliateWP plugin <= 2.28.2 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by LionTree in WordPress Plugin AffiliateWP versions = 2.28.2...

WordPress plugin AffiliateWP SQL注入漏洞

WordPress AffiliateWP plugin an affiliate marketing plugin designed for the WordPress platform, mainly used to help users quickly build an affiliate program, track referrals, pay commissions and other functions. WordPress AffiliateWP plugin suffers from a SQL injection vulnerability that stems fr...

PT-2025-39962

Name of the Vulnerable Software and Affected Versions AffiliateWP plugin for WordPress versions up to and including 2.28.2 Description The AffiliateWP plugin for WordPress is susceptible to SQL Injection through the ajax get affiliate id from login function. This is due to inadequate escaping of...

CVE-2025-53460

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Syed Balkhi AffiliateWP – External Referral Links affiliatewp-external-referral-links allows Stored XSS.This issue affects AffiliateWP – External Referral Links: from n/a through = 1.2.0...

WordPress AffiliateWP – External Referral Links Plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin AffiliateWP – External Referral Links versions = 1.2.0...

CVE-2025-53460

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Syed Balkhi AffiliateWP – External Referral Links affiliatewp-external-referral-links allows Stored XSS.This issue affects AffiliateWP – External Referral Links: from n/a through = 1.2.0...

CVE-2025-53460 WordPress AffiliateWP – External Referral Links Plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Syed Balkhi AffiliateWP – External Referral Links allows Stored XSS. This issue affects AffiliateWP – External Referral Links: from n/a through 1.2.0...

CVE-2025-53460 WordPress AffiliateWP – External Referral Links Plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Syed Balkhi AffiliateWP – External Referral Links affiliatewp-external-referral-links allows Stored XSS.This issue affects AffiliateWP – External Referral Links: from n/a through = 1.2.0...

CVE-2025-53460

CVE-2025-53460 affects the AffiliateWP – External Referral Links WordPress plugin (up to version 1.2.0). It is a Stored Cross-Site Scripting vulnerability caused by improper input neutralization during page generation. The issue is confirmed in connected sources (Wordfence vulnerability data) and...