
Earlier today, an important security flaw was discovered in the AffiliateWP code base that could potentially be exploited by a person with malicious intent.
The flaw was due to several database queries for affiliate, referral, visit, and creative data that were subject to a possible SQL injection.
With version 1.5.7, the flaw has been fixed.
We take security very seriously and always encourage users to update to the latest versions as soon as possible. In this particular case, we would recommend you update right away to ensure the flaw is removed.
For security reasons, we cannot provide the exact details of how the flaw could be exploited, but we can give a basic overview of what the problem was.
Because a couple of parameters were not properly sanitized in our admin-only database queries, it was potentially possible for someone to tamper with the queries and perform an SQL injection attack.
Note: it was only possible for this SQL injection to happen when the currently logged-in user had the necessary capabilities to view and edit affiliate data. Logged-out users and low-level users are not affected. This means that an attacker would have to trick a site admin into clicking on a bad link in order for the flaw to be exploited.
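The general class of bug described above (request parameters reaching an admin-only query unsanitized), shown beside a hardened form built on WordPress's `$wpdb->prepare()`. This is an added example, not AffiliateWP's code or its actual fix; the function, table, column and parameter names and the `manage_options` capability are assumptions for illustration.

```php
<?php
// Added illustration: hypothetical names throughout; not AffiliateWP code.

// Unsafe pattern: request values are concatenated straight into the SQL text.
function example_get_referrals_unsafe( array $request ) {
	global $wpdb;
	$table = $wpdb->prefix . 'example_referrals'; // hypothetical table
	return $wpdb->get_results(
		"SELECT * FROM {$table} WHERE affiliate_id = {$request['affiliate_id']}
		 ORDER BY {$request['orderby']} {$request['order']}"
	);
}

// Hardened pattern: capability check, typed placeholder, allowlisted identifiers.
function example_get_referrals_safe( array $request ) {
	global $wpdb;

	// Admin-only data: refuse callers that lack the capability.
	// 'manage_options' stands in for whatever capability the plugin defines.
	if ( ! current_user_can( 'manage_options' ) ) {
		return array();
	}

	$table = $wpdb->prefix . 'example_referrals'; // hypothetical table

	// Values are bound through placeholders so they can never become SQL syntax.
	$affiliate_id = isset( $request['affiliate_id'] ) ? absint( $request['affiliate_id'] ) : 0;

	// Column names and sort keywords cannot be bound as placeholders,
	// so the request value only selects from a fixed allowlist.
	$allowed_columns = array( 'referral_id', 'amount', 'date' ); // hypothetical columns
	$orderby = isset( $request['orderby'] ) ? sanitize_key( $request['orderby'] ) : '';
	if ( ! in_array( $orderby, $allowed_columns, true ) ) {
		$orderby = 'referral_id';
	}
	$order_raw = isset( $request['order'] ) && is_string( $request['order'] ) ? $request['order'] : '';
	$order     = ( 'asc' === strtolower( $order_raw ) ) ? 'ASC' : 'DESC';

	return $wpdb->get_results(
		$wpdb->prepare(
			"SELECT * FROM {$table} WHERE affiliate_id = %d ORDER BY {$orderby} {$order}",
			$affiliate_id
		)
	);
}
```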
The problem was fixed within hours of being discovered and the update was made available immediately after. To ensure your site is 100% secure, please update to version 1.5.7.
If you have any questions or concerns about this update or the security of your site, do not hesitate to contact us.
1 comment on “Security update released”