Monitor free

Report

New Known

Verified

Fixed

WordPress Affiliate For WooCommerce premium plugin <= 4.7.0 - Multiple Improper Access Control vulnerabilities

5

CVSS 3.1 score Medium severity

Report

Monitoring Not reported to be exploited

Find out about vulnerable plugins in your websites for free.

Scan your website

Software

Affiliate For WooCommerce

Type

Plugin

Vulnerable versions

<= 4.7.0

Fixed in

4.8.0

PSID

84bf14abcea2

CVE ID

CVE-2022-25649

Classification

Other Vulnerability Type

OWASP Top 10

A5: Broken Access Control

Required privilege

Requires custom role (specific plugin role - affiliate) or higher.

Credits

Gennady Kovshenin (Patchstack Alliance)

Publicly disclosed

2022-08-01

Patchstack vPatch available since

09.12.2021

Details

Multiple Improper Access Control vulnerabilities were discovered by Gennady Kovshenin (Patchstack Alliance) in the WordPress Affiliate For WooCommerce premium plugin (versions <= 4.7.0).

Solution

Update the WordPress Affiliate For WooCommerce premium plugin to the latest available version (at least 4.8.0).

References