Skip to main content

Affiliate Program Referral Tracking For Woocommerce Wordpress Affilia

1 CVEs product

Monthly

CVE-2026-7559 MEDIUM This Month

Unauthorized affiliate management actions in the Affilia plugin for WordPress (all versions through 3.3.3) allow any subscriber-level authenticated user to approve or reject referrals, credit commissions to affiliate wallets, delete referral records, and modify banner options - enabling direct financial fraud against WooCommerce stores. The root cause is that the sole authentication gate relies on a WordPress nonce that is publicly embedded in every frontend page load via the JavaScript global `rtwalwm_global_params.rtwalwm_nonce`, making role-based access enforcement trivially bypassable. No public exploit code or CISA KEV listing is identified at time of analysis, but the low exploitation complexity and direct financial fraud impact make this a meaningful operational risk for any site running an affiliate program on this plugin.

Authentication Bypass WordPress Affiliate Program Referral Tracking For Woocommerce Wordpress Affilia
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
EPSS 0% CVSS 4.3
MEDIUM This Month

Unauthorized affiliate management actions in the Affilia plugin for WordPress (all versions through 3.3.3) allow any subscriber-level authenticated user to approve or reject referrals, credit commissions to affiliate wallets, delete referral records, and modify banner options - enabling direct financial fraud against WooCommerce stores. The root cause is that the sole authentication gate relies on a WordPress nonce that is publicly embedded in every frontend page load via the JavaScript global `rtwalwm_global_params.rtwalwm_nonce`, making role-based access enforcement trivially bypassable. No public exploit code or CISA KEV listing is identified at time of analysis, but the low exploitation complexity and direct financial fraud impact make this a meaningful operational risk for any site running an affiliate program on this plugin.

Authentication Bypass WordPress Affiliate Program Referral Tracking For Woocommerce Wordpress Affilia
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy