{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-1308", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-02-07T14:25:34.583Z", "datePublished": "2024-04-09T18:58:44.343Z", "dateUpdated": "2026-04-08T16:47:26.083Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:47:26.083Z"}, "affected": [{"vendor": "datafeedrcom", "product": "Cloak Affiliate Links for WooCommerce", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.33", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'permalink_settings_save' function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to modify the affiliate permalink base, driving traffic to malicious sites via the plugin's affiliate links."}], "title": "WooCommerce Cloak Affiliate Links <= 1.0.33 - Missing Authorization to Unauthenticated Permalink Modification", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c731e39-998e-44d2-8cf9-4d9c39731c5d?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/woocommerce-cloak-affiliate-links/tags/1.0.33/woocommerce-cloak-affiliate-links.php#L396"}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=/woocommerce-cloak-affiliate-links/tags/1.0.33&old=3055367&new_path=/woocommerce-cloak-affiliate-links/tags/1.0.34&new=3055367&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-284 Improper Access Control", "cweId": "CWE-284", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Francesco Carlucci"}], "timeline": [{"time": "2024-03-20T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.582Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c731e39-998e-44d2-8cf9-4d9c39731c5d?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/woocommerce-cloak-affiliate-links/tags/1.0.33/woocommerce-cloak-affiliate-links.php#L396", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=/woocommerce-cloak-affiliate-links/tags/1.0.33&old=3055367&new_path=/woocommerce-cloak-affiliate-links/tags/1.0.34&new=3055367&sfp_email=&sfph_mail=", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "datafeedr", "product": "woocommerce_cloak_affiliate_links", "cpes": ["cpe:2.3:a:datafeedr:woocommerce_cloak_affiliate_links:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.0.34", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-08T18:30:31.593370Z", "id": "CVE-2024-1308", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T18:33:25.220Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c731e39-998e-44d2-8cf9-4d9c39731c5d?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/woocommerce-cloak-affiliate-links/tags/1.0.33/woocommerce-cloak-affiliate-links.php#L396", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=/woocommerce-cloak-affiliate-links/tags/1.0.33&old=3055367&new_path=/woocommerce-cloak-affiliate-links/tags/1.0.34&new=3055367&sfp_email=&sfph_mail=", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.582Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1308", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-08T18:30:31.593370Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:datafeedr:woocommerce_cloak_affiliate_links:*:*:*:*:*:*:*:*"], "vendor": "datafeedr", "product": "woocommerce_cloak_affiliate_links", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.34", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T18:33:19.846Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Francesco Carlucci"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}}], "affected": [{"vendor": "datafeedrcom", "product": "WooCommerce Cloak Affiliate Links", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.0.33"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-03-20T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c731e39-998e-44d2-8cf9-4d9c39731c5d?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/woocommerce-cloak-affiliate-links/tags/1.0.33/woocommerce-cloak-affiliate-links.php#L396"}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=/woocommerce-cloak-affiliate-links/tags/1.0.33&old=3055367&new_path=/woocommerce-cloak-affiliate-links/tags/1.0.34&new=3055367&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'permalink_settings_save' function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to modify the affiliate permalink base, driving traffic to malicious sites via the plugin's affiliate links."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-04-09T18:58:44.343Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1308", "state": "PUBLISHED", "dateUpdated": "2024-08-08T18:33:25.220Z", "dateReserved": "2024-02-07T14:25:34.583Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-04-09T18:58:44.343Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'permalink_settings_save' function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to modify the affiliate permalink base, driving traffic to malicious sites via the plugin's affiliate links."}, {"lang": "es", "value": "El complemento WooCommerce Cloak Affiliate Links para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'permalink_settings_save' en todas las versiones hasta la 1.0.33 incluida. Esto hace posible que atacantes no autenticados modifiquen la base de enlaces permanentes de afiliados, dirigiendo el tr\u00e1fico a sitios maliciosos a trav\u00e9s de los enlaces de afiliados del complemento."}], "id": "CVE-2024-1308", "lastModified": "2026-04-08T18:20:33.063", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-04-09T19:15:16.163", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/woocommerce-cloak-affiliate-links/tags/1.0.33/woocommerce-cloak-affiliate-links.php#L396"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?old_path=/woocommerce-cloak-affiliate-links/tags/1.0.33&old=3055367&new_path=/woocommerce-cloak-affiliate-links/tags/1.0.34&new=3055367&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c731e39-998e-44d2-8cf9-4d9c39731c5d?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/browser/woocommerce-cloak-affiliate-links/tags/1.0.33/woocommerce-cloak-affiliate-links.php#L396"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/changeset?old_path=/woocommerce-cloak-affiliate-links/tags/1.0.33&old=3055367&new_path=/woocommerce-cloak-affiliate-links/tags/1.0.34&new=3055367&sfp_email=&sfph_mail="}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c731e39-998e-44d2-8cf9-4d9c39731c5d?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{}