CVE-2024-12561

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-12561
The Affiliate Sales in Google Analytics and other tools plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.0.0. This is due to insufficient validation on the redirect url supplied via the 'afflink' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://plugins.trac.wordpress.org/browser/wecantrack/trunk/WecantrackApp.php#L66
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3320552%40wecantrack&new=3320552%40wecantrack&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/a4b205ab-f042-46d9-a331-f18809477384?source=cve
Configurations

No configuration.

History

08 Apr 2026, 19:20

Type Values Removed Values Added
Summary
  • (es) El complemento Affiliate Sales de Google Analytics y otras herramientas para WordPress es vulnerable a Open Redirect en todas las versiones hasta la 1.4.9 incluida. Esto se debe a una validación insuficiente de la URL de redirección proporcionada mediante el parámetro "afflink". Esto permite que atacantes no autenticados redirijan a los usuarios a sitios potencialmente maliciosos si logran engañarlos para que realicen una acción.
Summary (en) The Affiliate Sales in Google Analytics and other tools plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.4.9. This is due to insufficient validation on the redirect url supplied via the 'afflink' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. (en) The Affiliate Sales in Google Analytics and other tools plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.0.0. This is due to insufficient validation on the redirect url supplied via the 'afflink' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
References
  • () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3320552%40wecantrack&new=3320552%40wecantrack&sfp_email=&sfph_mail= -

21 May 2025, 12:16

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-21 12:16

Updated : 2026-04-15 00:35

NVD link : CVE-2024-12561

Mitre link : CVE-2024-12561

CVE.ORG link : CVE-2024-12561

JSON object : View

Products Affected

No product.

CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')