VYPR

WooCommerce Affiliate Program

by WordPress

CVEs (2)

  • CVE-2024-9289CriOct 1, 2024
    risk 0.64cvss 9.8epss 0.01

    The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwap_login_request_callback() function not properly validating a user's identity prior to authenticating…

  • CVE-2022-0818MedMar 28, 2022
    risk 0.40cvss 6.1epss 0.01

    The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings…