AffiliateWP


Security update released

Last updated on March 23, 2015 by Pippin Williamson

Earlier today, an important security flaw was discovered in the AffiliateWP code base that could potentially be exploited by a person with malicious intent.

The flaw was in several database queries for affiliate, referral, visit, and creative data, which were subject to a possible SQL injection.

With version 1.5.7, the flaw has been fixed.

How important is updating to 1.5.7?

We take security very seriously and always encourage users to update to the latest versions as soon as possible. In this particular case, we would recommend you update right away to ensure the flaw is removed.

How could the flaw be exploited?

For security reasons, we cannot provide the exact details of how the flaw could be exploited, but we can give a basic overview of what the problem was.

Because a couple of parameters were not properly sanitized in our admin-only database queries, it was potentially possible for someone to tamper with the queries and perform an SQL injection attack.

Note: it was only possible for this SQL injection to happen when the currently logged-in user had the necessary capabilities to view and edit affiliate data. Logged-out users and low-level users are not affected. This means that an attacker would have to trick a site admin into clicking on a bad link in order for the flaw to be exploited.
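To illustrate the class of bug described above, here is an added example (not AffiliateWP's code, and not the actual vulnerable query) that uses Python's `sqlite3` as a stand-in for a WordPress database. The table, column, and parameter names are hypothetical and the data is constructed; in WordPress the equivalent of the bound parameter is `$wpdb->prepare()`.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE referrals (referral_id INTEGER PRIMARY KEY, "
               "affiliate_id INTEGER, amount REAL)")
    db.executemany("INSERT INTO referrals (affiliate_id, amount) VALUES (?, ?)",
                   [(1, 10.0), (1, 25.0), (2, 40.0)])
    return db

# Column names cannot be bound as parameters, so sorting uses an allow-list.
SORTABLE = {"referral_id", "amount"}

def list_referrals_unsafe(db, params):
    # Weak: request values are pasted into the SQL text and parsed as SQL.
    sql = ("SELECT referral_id, affiliate_id, amount FROM referrals "
           "WHERE affiliate_id = " + params["affiliate_id"] +
           " ORDER BY " + params.get("orderby", "referral_id"))
    return db.execute(sql).fetchall()

def list_referrals_safe(db, params):
    # Hardened: the ID must parse as an integer and is bound, never concatenated.
    try:
        affiliate_id = int(params["affiliate_id"])
    except (KeyError, TypeError, ValueError):
        return []
    orderby = params.get("orderby", "referral_id")
    if orderby not in SORTABLE:
        orderby = "referral_id"  # unknown sort keys fall back to the default
    sql = ("SELECT referral_id, affiliate_id, amount FROM referrals "
           "WHERE affiliate_id = ? ORDER BY " + orderby)
    return db.execute(sql, (affiliate_id,)).fetchall()

# Constructed tampered request, as it might arrive from a crafted admin link.
TAMPERED = {"affiliate_id": "2 OR 1=1", "orderby": "referral_id"}

if __name__ == "__main__":
    db = make_db()
    print("unsafe:", list_referrals_unsafe(db, TAMPERED))  # filter is bypassed
    print("safe:  ", list_referrals_safe(db, TAMPERED))    # request is rejected
```
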

The problem was fixed within hours of being discovered and the update was made available immediately after. To ensure your site is 100% secure, please update to version 1.5.7.

If you have any questions or concerns about this update or the security of your site, do not hesitate to contact us.

 

 


1 comment on “Security update released”

  1. Pingback: esc_sql Doh! WordPress SQL Injection Vulnerability - Pritect Network