Woocommerce Cloak Affiliate Links

Source repositories

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2024-1308	WordPress Woocommerce Cloak Affiliate Links	Hig	0.49	7.5	0.00		Apr 9, 2024	The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'permalink_settings_save' function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to modify the affiliate permalink base, driving traffic to malicious sites via the plugin's affiliate links.
CVE-2025-24647	WordPress Woocommerce Cloak Affiliate Links	Med	0.35	5.4	0.00		Jan 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in datafeedr WooCommerce Cloak Affiliate Links woocommerce-cloak-affiliate-links allows Cross Site Request Forgery.This issue affects WooCommerce Cloak Affiliate Links: from n/a through <= 1.0.35.

CVE-2024-1308HigApr 9, 2024
WordPress
Woocommerce Cloak Affiliate Links
risk 0.49cvss 7.5epss 0.00
The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'permalink_settings_save' function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to modify the affiliate permalink base, driving traffic to malicious sites via the plugin's affiliate links.
CVE-2025-24647MedJan 24, 2025
WordPress
Woocommerce Cloak Affiliate Links
risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in datafeedr WooCommerce Cloak Affiliate Links woocommerce-cloak-affiliate-links allows Cross Site Request Forgery.This issue affects WooCommerce Cloak Affiliate Links: from n/a through <= 1.0.35.