CVE Catalog

CVE-2026-57654

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

The Affiliates Manager plugin version 2.9.49 and earlier suffers from a broken access control vulnerability for affiliates. This allows unauthorized users to perform actions they should not have permission to.

Risk Assessment

The organization is at risk of unauthorized access to affiliate functions, potentially leading to data manipulation, commission theft, or privilege escalation within the system.

Recommendation

Immediately update the Affiliates Manager plugin to the latest available version that fixes this vulnerability. If an update is not possible, consider temporarily disabling the plugin until it is released.

Original NVD description (English source)

Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS