Wc Affiliate Security Vulnerabilities and Issues — Wc Affiliate CVE List

CodexpertWc Affiliate

3 matches found

CVE•added 2025/01/26 11:9 a.m.•57 views

CVE-2024-12334

CVE-2024-12334 concerns the WC Affiliate – A Complete WooCommerce Affiliate Plugin for WordPress. Affected versions: all up to and including 2.4. Root cause: insufficient input sanitization and output escaping, enabling Reflected Cross-Site Scripting via any parameter. Impact: unauthenticated att...

6.1CVSS6AI score0.00272EPSS

CVE•added 2025/01/27 6:0 a.m.•52 views

CVE-2024-12321

CVE-2024-12321 : The WC Affiliate WordPress plugin (versions up to 2.3.9) does not sanitize/escape a user-controlled parameter before echoing it in a page, enabling a reflected Cross-Site Scripting vulnerability. Impact is described as potentially actionable against high-privilege users such as a...

7.1CVSS5.8AI score0.00264EPSS

CVE•added 2025/03/15 3:23 a.m.•50 views

CVE-2024-12336

CVE-2024-12336 affects WC Affiliate – A Complete WooCommerce Affiliate Plugin for WordPress up to version 2.5.3, where a missing capability check in export_all_data allows authenticated users with Subscriber+ privileges to read sensitive affiliate data (PII). The vulnerability is confirmed by mul...

6.5CVSS6.2AI score0.00327EPSS