WordPress Affiliate For WooCommerce premium plugin <= 4.7.0 - Multiple Improper Access Control vulnerabilities
Software: Affiliate For WooCommerce
Vulnerable versions: <= 4.7.0
PSID: 84bf14abcea2
Classification: Other Vulnerability Type
OWASP Top 10: A5: Broken Access Control
Required privilege: Requires custom role (specific plugin role - affiliate) or higher.
Publicly disclosed: 2022-08-01
Patchstack vPatch available since: 09.12.2021
Details
Multiple Improper Access Control vulnerabilities were discovered by Gennady Kovshenin (Patchstack Alliance) in the WordPress Affiliate For WooCommerce premium plugin (versions <= 4.7.0).
Solution
Update the WordPress Affiliate For WooCommerce premium plugin to the latest available version (at least 4.8.0).