Vulnerabilities > Codexpert > WC Affiliate

DATE CVE VULNERABILITY TITLE RISK
2025-03-15 CVE-2024-12336 Missing Authorization vulnerability in Codexpert WC Affiliate
The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'export_all_data' function in all versions up to, and including, 2.5.3.
network
low complexity
codexpert CWE-862
6.5
6.5
2025-01-26 CVE-2024-12334 Cross-site Scripting vulnerability in Codexpert WC Affiliate
The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping.
network
low complexity
codexpert CWE-79
6.1
6.1