WordPress · Affiliate Sales In Google Analytics/Other Tools · CVE-2024-12561
**Name of the Vulnerable Software and Affected Versions**
The Affiliate Sales in Google Analytics and other tools plugin for WordPress versions up to, and including, 1.4.9
**Description**
The issue is due to insufficient validation on the redirect url supplied via the `afflink` parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
**Recommendations**
For versions up to, and including, 1.4.9, update to a version that includes the fix for this issue to prevent Open Redirect attacks.
As a temporary workaround, consider restricting access to the `afflink` parameter to minimize the risk of exploitation.