CVE-2024-12454

Name of the Vulnerable Software and Affected Versions Affiliate Program Suite — SliceWP Affiliates plugin for WordPress versions up to, and including, 1.1.23

Description The issue is due to missing or incorrect nonce validation on a function, making it possible for unauthenticated attackers to inject malicious web scripts via a forged request. This can happen if attackers can trick a site administrator into performing an action such as clicking on a link.

Recommendations For versions up to, and including, 1.1.23, update to a version higher than 1.1.23 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable function to minimize the risk of exploitation.