CVE-2022-3898: WP Affiliate Plugin - Affiliate Program Management Plugin

The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions, including the affiliates_menu method. This makes it possible for unauthenticated attackers to delete affiliate records via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
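The missing check described above, as an added example that is not the plugin's own code: a hypothetical admin delete handler without nonce validation, next to a hardened version and the form that supplies the nonce. The `myaff_*` function names, the `myaff_delete_affiliate_` action prefix, the `myaff_nonce` and `affiliate_id` fields and the table name are assumptions made for illustration.

```php
<?php
// Added illustration; NOT code from WP Affiliate Platform.
// Hypothetical names: myaff_* functions, 'myaff_delete_affiliate_' action,
// 'myaff_nonce' / 'affiliate_id' fields, '{prefix}myaff_affiliates' table.

// Unsafe pattern: acts on any request that reaches the admin page.
// The browser attaches the administrator's session cookie automatically,
// so nothing here proves the administrator intended the deletion.
function myaff_delete_affiliate_unsafe() {
    global $wpdb;
    if ( isset( $_GET['affiliate_id'] ) ) {
        $wpdb->delete(
            $wpdb->prefix . 'myaff_affiliates',
            array( 'id' => absint( $_GET['affiliate_id'] ) ),
            array( '%d' )
        );
    }
}

// Hardened pattern: state change only via POST, with a capability check
// and a nonce bound to this action and this record.
function myaff_delete_affiliate_hardened() {
    global $wpdb;

    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] || ! isset( $_POST['affiliate_id'] ) ) {
        return;
    }
    $id = absint( $_POST['affiliate_id'] );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // Stops the request with a 403 page if the nonce is missing or invalid.
    check_admin_referer( 'myaff_delete_affiliate_' . $id, 'myaff_nonce' );

    $wpdb->delete( $wpdb->prefix . 'myaff_affiliates', array( 'id' => $id ), array( '%d' ) );
}

// Form side: emit the matching nonce field next to the record's delete button.
function myaff_render_delete_form( $id ) {
    $id = absint( $id );
    echo '<form method="post">';
    echo '<input type="hidden" name="affiliate_id" value="' . esc_attr( $id ) . '">';
    wp_nonce_field( 'myaff_delete_affiliate_' . $id, 'myaff_nonce' );
    submit_button( 'Delete affiliate', 'delete' );
    echo '</form>';
}
```

A WordPress nonce is tied to the logged-in user, the action string and a time window, so a request built on another site cannot supply a valid value for the administrator's session.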

It is a known fact that having an affiliate program is the most powerful way to market your products or services online (Read more on the benefits of affiliate program).

If you own a WordPress blog/site and your answer to each of the following questions is ‘yes’, then the ‘WordPress Affiliate Platform’ is what you need:

  1. Do you sell products or services online from your WordPress blog/site?
  2. Do you want to increase your sales and explode your profits by using an affiliate program?
  3. Do you want to have your own affiliate program so you can cut the middle man and build your own brand?

WordPress Affiliate Plugin Summary

The WordPress Affiliate Platform is an easy to use WordPress plugin for affiliate recruitment, management and tracking that can be used on any WordPress blog or site. This plugin lets you run your own affiliate campaign/program and allows you to reward (pay commission) your affiliates for referring sales.

The admin can configure banners, links and creatives which the affiliates can use on their site to drive traffic to your site. All the clicks, leads, sales etc are tracked by this plugin.

WP Affiliate plugin turns WordPress into the best affiliate campaign management platform

If you are running online ad campaigns for your products and services then you can use the affiliate platform plugin to measure the true conversion rate of each campaign to find out the profitable ones. This allows you to weed out the non-profitable campaigns and save money in the process.

In a nutshell, the Affiliate Platform Plugin will help you achieve the following:

  • Launch your affiliate campaign in a short time.
  • Monitor clicks and conversions of visitors sent by your affiliates.
  • Maintain your brand with your own product Ad Banners, Links and Creatives.
  • Drive more traffic to your landing/sales page from your Affiliate’s site.
  • Significantly BOOST revenue with more sales.

We use this plugin to run our affiliate program and it has had a positive effect on our product sales.

How WP Affiliate Plugin Works

Affiliate marketing is a type of performance-based marketing where you (the store owner) reward affiliates for sending customers to your site. The following page explains how it all works:

  • How the WordPress Affiliate Platform Works

WP Affiliate Plugin Features

Some key features of the WordPress Affiliate Platform include:

  • Easy Installation

    Easy installation like any other WordPress plugin and very easy to use. Seamlessly integrates with your website’s look and feel.

  • Real Time Reporting

    Real time reporting. All data (clicks, sales, commissions) is tracked, computed and displayed in real time with no delay.

  • Accurate Commission Calculation

    Affiliate commissions are calculated accurately and awarded to the affiliate after a confirmed sale.

  • Two Tier Affiliate Structure

    Can be configured as a two-tier affiliate structure.

  • Easy Affiliate Management

    View your affiliate details, commission level, account status etc. Easily change commission, edit affiliate details, view affiliate referrals, commissions and much more.

  • Self Managed Affiliate Area

    Your affiliates will be able to create an account, log into their affiliate account and get ad code, view referrals, commissions and payout details.

  • Affiliate Ad Code

    You can offer text and image ads to your affiliates. Your affiliates will be able to copy the ad code and use it to refer visitors.

  • Offer Creatives

    You have the ability to offer creatives (pre-written text copy) to your affiliates. Your affiliates can use it to promote your products easily.

  • Referral Link Generator

    It comes with a built-in link generation tool in the affiliate area. Your affiliates can use this tool to generate a referral link and share it easily via email, Facebook, Twitter etc.

  • Offer Signup Bonus

    You can offer a one-time signup bonus to your affiliates. This can help you attract more affiliates to join you.

  • Autoresponder Integration

    It can be integrated with Autoresponders (AWeber, MailChimp, GetResponse, Mailpoet, Madmimi). This way the affiliates automatically get added to your list/campaign for email marketing purpose.

  • Unlimited Affiliates

    No limit on the number of affiliates you can have and no monthly fees to use this plugin. Have as many affiliates as you want!

  • Manually Approve Affiliates

    You can choose to manually approve each affiliate account. There is also an option to send the affiliate an email when you have reviewed the application and approved the account.

  • Commission Notification

    You can configure email notification that will be sent to your affiliate and you, when an affiliate receives a commission.

  • $0 Commission Recording

    Ability to enable or disable $0 commission recording. If the commission from a transaction is $0, you will be able to show or hide it.

  • Option to Show EPC Data

    Ability to show the EPC (Earnings Per Click) data to your affiliates in their affiliate portal (under the sales menu).

  • Export Data to CSV File

    Ability to export all your affiliate commissions data to a CSV file so you can view it using Excel. You can export your affiliate leads data to a CSV file also.

  • Multi Site License

    When you buy the WP Affiliate Platform plugin you can use it on as many sites as you own (you gotta love that!). There is no “Developer Option” here. One low price entitles you to use the plugin on all of your sites.

  • Plugin Stability

    Our plugin code-base is very stable. We put a lot of effort into testing and developing our plugins so they don’t break your site after you upgrade.

  • Easy Integration with Most WordPress Shopping Carts

    Integrates with most WordPress shopping carts including WooCommerce, eShop, Shopp plugin, Cart66, WP Shopping Cart etc. Check the integration section on our documentation page to see the full details of the available pre-made integration options.

  • Fully Integrates with WP eStore

    Fully integrates with the WordPress eStore (WordPress Shopping Cart) plugin. Selling products from your WordPress site using the WP eStore plugin is quick and easy.

  • PayPal Button Integration

    You can easily integrate this affiliate plugin with PayPal buttons that you create from your PayPal account. It can work for both one time and subscription PayPal payment buttons.

  • Integrates with Some Hosted Shopping Carts

    Affiliate platform integrates with some hosted shopping carts like e-Junkie, FoxyCart, Ecwid etc. Check the integration section of our documentation page to see the full details of the available integration options.

  • Easy Integration with WooCommerce Plugin

    The affiliate plugin easily integrates with the WooCommerce plugin. When your customers complete a sale via WooCommerce, the plugin awards the commission to the appropriate affiliate (if any). You can also integrate WooCommerce coupons with this plugin to track and award commission based on the coupon that was used in the transaction.

  • Easy Integration with the WP-eCommerce Plugin

    Can be easily integrated with the GetShopped WP-eCommerce plugin. You can view the WP eCommerce plugin integration details on our integration documentation page.

  • Integration with Gravity Forms Plugin

    Can be integrated with the Gravity forms plugin to capture leads referred by your affiliates. It also integrates with their pricing fields option.

  • Integrates with WishList Member plugin

    Can be integrated with the WishList Member plugin (Create Membership Site) when using PayPal buttons.

  • Developer Integration

    Developers can integrate the WordPress affiliate plugin with any shopping cart or plugin via the API (read the 3rd party integration post to understand what is involved in such an integration).

  • Works with HTTPS Pages

    Affiliate Platform plugin works with https pages out of the box (useful if you are using an SSL certificate on your website).

  • Always Kept Up to Date

    We keep our plugins up to date to work with the latest version of WordPress. We have been doing this for 5+ years so rest assured that our plugins will always be compatible with any future WordPress updates.

  • Free Future Upgrades

    Free future improvements and upgrades (there is no annual fee). You will always have access to the latest version of the plugin for free.

  • Great Support

    Tired of listening to fake support promises? Check out our customer only forum to see how we handle product related issues (usually within 24 hours). Our support forum is moderated by the developers who created the plugin(s).

Affiliate Platform Plugin Demo

Click on the following button to view live demo of the affiliate area that you will be able to create with this plugin:

Documentation & Technical Support

  • Documentation page (Contains all the documentation for the WP Affiliate Platform plugin)

If you are having any issue with this plugin then feel free to post it on the customer only support forum.

Please make sure you visit the demo and the documentation page so you understand the capability of this plugin. Do not assume that this plugin will magically work with a 3rd party plugin/solution that is not listed in the “Integration” section of the documentation page. Contact us if you are unsure about something and we will try to clarify it for you.

Customer Feedback

We won’t waste your time with fake testimonials! Check out the customer feedback page and see what some of our customers have to say about us.

I meant to say this the other day: your customer support is EXCELLENT! Pre-sales or post sales, you always get back – it’s such a pleasure to work with you!

Combined costs for both products is a steal for the amount of functionality I get. A forthcoming review on my site will reflect that – I hope I can support you any way I can.

Jay Versluis
http://www.versluis.com/

You can also check the comment section below for more customer feedback.

Buy the WordPress Affiliate Platform

Summary

App Category: WordPress Plugin
Software Name: WordPress Affiliate Platform
Version: 6.4.0
Date Modified: 2022-11-01
Operating System: WordPress 6.1
Requirements: WordPress 5.5 or higher
Description: WordPress affiliate management plugin for automatic affiliate recruitment, management and referral tracking
File Format: application/zip

Easy Affiliate Program for WordPress blog or site. (Includes Free Lifetime Updates)

Get the Affiliate Software now and start building your sales army!

Related news

CVE-2022-4213: Vulnerability Advisories Continued - Wordfence

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dn' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE-2022-4029: Vulnerability Advisories Continued - Wordfence

The Simple:Press plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sforum_[md5 hash of the WordPress URL]' cookie value in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This would be highly complex to exploit as it would require the attacker to set the cookie for the targeted user.

CVE-2022-3897: Vulnerability Advisories Continued - Wordfence

The WP Affiliate Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2022-4035: Vulnerability Advisories Continued - Wordfence

The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This makes it possible for unauthenticated attackers to inject iFrames when submitting a booking that will execute whenever a user accesses the injected booking details page.

CVE-2022-4027: Vulnerability Advisories Continued - Wordfence

The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during a forum response in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages when responding to forum threads that will execute whenever a user accesses an injected page.

CVE-2022-4028: Vulnerability Advisories Continued - Wordfence

The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during the profile-save action when modifying a profile signature in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to inject arbitrary web scripts in pages when modifying a profile signature that will execute whenever a user accesses an injected page.

CVE-2022-4034: Vulnerability Advisories Continued - Wordfence

The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.

CVE-2022-4036: Vulnerability Advisories Continued - Wordfence

The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie.

CVE-2022-4032: Vulnerability Advisories Continued - Wordfence

The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. This makes it possible for unauthenticated attackers to inject iFrames in pages that will execute whenever a user accesses an injected page.

CVE-2022-4033: Vulnerability Advisories Continued - Wordfence

The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation that allows attackers to inject content other than the specified value (i.e. a number, file path, etc.). This makes it possible for attackers to submit values other than the intended input type.

CVE-2022-3896: Vulnerability Advisories Continued - Wordfence

The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER["REQUEST_URI"] in versions up to, and including, 6.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is unlikely to work in modern browsers.

CVE-2022-4169: Vulnerability Advisories Continued - Wordfence

The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the process_polylang_theme_translation_wp_loaded() function. This makes it possible for unauthenticated attackers to update plugin and theme translation settings and to import translation strings.

CVE-2022-3861: Vulnerability Advisories Continued - Wordfence

The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. This makes it possible for authenticated attackers, with contributor level permissions and above, to inject a PHP Object. The additional presence of a POP chain would make it possible for attackers to execute code, retrieve sensitive data, delete files, etc.
