Primary

Context

AA-Team WooCommerce Envato Affiliates Missing Authorization Vulnerability Allowing Unrestricted Functionality Access

Vulnerability

A missing authorization vulnerability has been identified in the AA-Team WooCommerce Envato Affiliates plugin, affecting versions through 1.2.1. This vulnerability allows users to access functionalities that are not properly restricted by access control lists (ACLs), potentially leading to unauthorized changes in settings or other critical areas of the application.

Impact

Exploitation of this vulnerability could result in unauthorized access to functionalities, allowing users to make changes that should be restricted based on their access level.

Remediation

Users are advised to update the WooCommerce Envato Affiliates plugin to the latest version. If an update is not possible, contact your hosting provider or web developer for assistance.

Added: May 26, 2026, 10:03 PM

Updated: May 26, 2026, 10:03 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

9.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

9.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

AA-Team WooCommerce Envato Affiliates Missing Authorization Vulnerability Allowing Unrestricted Functionality Access

Vulnerability

Impact

Remediation

Affected Products

AA-Team Woocommerce Envato Affiliates

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating