Open Redirect Vulnerability in Affiliate Sales Plugin for WordPress by Google
CVE-2024-12561
Key Information:
- Vendor: WordPress
- CVE Published: 21 May 2025
What is CVE-2024-12561?
The Affiliate Sales in Google Analytics and other tools plugin for WordPress is vulnerable to Open Redirect. The flaw arises from inadequate validation of the redirect URL supplied through the 'afflink' parameter. An attacker who manipulates a user into clicking a crafted link can therefore redirect that user to a harmful website. Website owners should keep their plugins updated and secure to prevent exploitation.
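For sites that cannot update immediately, access logs can be triaged for redirect requests that leave the site's expected affiliate destinations. The following is an added example, not code from the plugin or from this advisory; it assumes 'afflink' arrives as a query-string parameter, and the allowlisted hosts and log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts this site legitimately sends affiliate traffic to.
ALLOWED_HOSTS = {"shop.example.com", "partner.example.net"}
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not taken from a real site).
SAMPLE_LOG = [
    '203.0.113.5 - - [21/May/2025:10:00:01 +0000] "GET /?afflink=https%3A%2F%2Fshop.example.com%2Fitem HTTP/1.1" 302 0',
    '203.0.113.9 - - [21/May/2025:10:00:07 +0000] "GET /?afflink=https%3A%2F%2Fevil.example%2Flogin HTTP/1.1" 302 0',
    '203.0.113.9 - - [21/May/2025:10:00:09 +0000] "GET /?afflink=%2F%2Fevil.example HTTP/1.1" 302 0',
    '203.0.113.9 - - [21/May/2025:10:00:12 +0000] "GET /?afflink=https%3A%2F%2Fshop.example.com%40evil.example%2F HTTP/1.1" 302 0',
    '198.51.100.2 - - [21/May/2025:10:01:00 +0000] "GET /blog/ HTTP/1.1" 200 5120',
]

def redirect_host(target):
    """Return the host a browser would navigate to, or None for a same-site path."""
    # Browsers treat backslashes as slashes and ignore surrounding whitespace.
    cleaned = target.strip().replace("\\", "/")
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return "<unparseable>"
    if parts.scheme and (parts.scheme not in ("http", "https") or not parts.hostname):
        return "<unexpected scheme or missing host>"
    # hostname is the part after any "user@" prefix, lowercased;
    # it is also set for protocol-relative "//host" targets.
    return parts.hostname

def suspicious_afflink_hits(log_lines):
    """Return (line_number, target) for afflink values outside the allowlist."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = m.group(1).partition("?")[2]
        for target in parse_qs(query).get("afflink", []):  # percent-decoded
            host = redirect_host(target)
            if host is not None and host not in ALLOWED_HOSTS:
                hits.append((n, target))
    return hits

if __name__ == "__main__":
    for n, target in suspicious_afflink_hits(SAMPLE_LOG):
        print(f"line {n}: off-allowlist redirect target {target!r}")
```

The comparison is on the parsed host rather than a string prefix, so a target that merely begins with an allowed hostname is still flagged.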

Affected Version(s)
Affiliate Sales in Google Analytics and other tools * <= 1.4.9