CVE-2025-14361
HighSummary
The CVE-2025-14361 vulnerability in the Woocommerce Envato Affiliates plugin has a missing authorization issue that allows access to functionality not properly constrained by access control lists (ACLs).
Risk Assessment
The lack of proper authorization constraints may lead to unauthorized access to functions, posing a risk of data leakage or unauthorized actions within the system.
Recommendation
It is recommended to update the Woocommerce Envato Affiliates plugin to the latest version to patch this vulnerability and review and adjust access control lists.
Original NVD description (English source)
Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1.

