Unauthorized Access Vulnerability in Affilia β Affiliate Program & Referral Tracking for WordPress Plugin
CVE-2026-7559
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 11 July 2026
What is CVE-2026-7559?
The Affilia β Affiliate Program & Referral Tracking plugin for WordPress has a serious security flaw that allows authenticated users with subscriber-level access or higher to manipulate affiliate referrals and related financial transactions. This vulnerability arises because the plugin fails to verify user authorizations correctly, leading to potential financial fraud. The nonce used for authentication is easily accessible to all authenticated users, regardless of their assigned roles, thereby allowing an attacker to approve or reject affiliate referrals, credit commissions, and alter various plugin settings without proper authorization.
Affected Version(s)
Affiliate Program & Referral Tracking for WooCommerce & WordPress β Affilia 0 <= 3.3.3