CVE-2025-47612 WordPress ClickWhale plugin <= 2.4.6 - Broken Access Control Vulnerability

Missing Authorization vulnerability in ClickWhale ClickWhale clickwhale allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ClickWhale: from n/a through = 2.4.6...

CVE-2025-47612

CVE-2025-47612 (ClickWhale) is a Missing Authorization vulnerability in the flowdee ClickWhale WordPress plugin (affected: 2.4.6 and earlier). The issue arises from incorrectly configured access control, enabling unauthorized access due to insufficient authorization checks. NVD/vectors indicate a...

CVE-2025-26963

Cross-Site Request Forgery CSRF vulnerability in ClickWhale ClickWhale clickwhale allows Cross Site Request Forgery.This issue affects ClickWhale: from n/a through = 2.4.3...

CVE-2025-26963 WordPress ClickWhale plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery CSRF vulnerability in ClickWhale ClickWhale clickwhale allows Cross Site Request Forgery.This issue affects ClickWhale: from n/a through = 2.4.3...

CVE-2025-26963

CVE-2025-26963 is a CSRF vulnerability in the WordPress ClickWhale plugin (versions up to and including 2.4.3) that affects the plugin’s settings changes. The CVE entries and Red Hat/NVD/ CVE lists confirm it’s a CSRF to settings change issue affecting ClickWhale and indicate a published fix (Pat...

CVE-2025-0804 ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it...

CVE-2024-11327

The Connected PATCHSTACK entry confirms CVE-2024-11327 affects the WordPress plugin ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages, with a Reflected Cross-Site Scripting vulnerability caused by insufficient escaping of add_query_arg and remove_query_a...

CVE-2024-51715

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ClickWhale ClickWhale clickwhale allows Blind SQL Injection.This issue affects ClickWhale: from n/a through = 2.4.1...

CVE-2024-51715 WordPress ClickWhale plugin <= 2.4.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ClickWhale ClickWhale clickwhale allows Blind SQL Injection.This issue affects ClickWhale: from n/a through = 2.4.1...

PT-2025-2908 · Unknown · Clickwhale

Name of the Vulnerable Software and Affected Versions: ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages versions n/a through 2.4.1 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as ...