CVE-2026-57654
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk7th percentile — higher than 7% of all known CVEs
Summary
The Affiliates Manager plugin version 2.9.49 and earlier suffers from a broken access control vulnerability for affiliates. This allows unauthorized users to perform actions they should not have permission to.
Risk Assessment
The organization is at risk of unauthorized access to affiliate functions, potentially leading to data manipulation, commission theft, or privilege escalation within the system.
Recommendation
Immediately update the Affiliates Manager plugin to the latest available version that fixes this vulnerability. If an update is not possible, consider temporarily disabling the plugin until it is released.
Original NVD description (English source)
Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions.

