VYPR

Wc Affiliate

by Codexpert

Source repositories

CVEs (3)

  • CVE-2025-47660HigMay 23, 2025
    risk 0.50cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in Codexpert, Inc WC Affiliate wc-affiliate allows Object Injection.This issue affects WC Affiliate: from n/a through <= 2.16.

  • CVE-2024-12336MedMar 15, 2025
    risk 0.35cvss 6.5epss 0.00

    The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'export_all_data' function in all versions up to, and including, 2.5.3. This makes it possible for…

  • CVE-2024-12321Jan 27, 2025
    risk 0.00cvss epss 0.00

    The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.