CVE Catalog

CVE-2025-14361

High
Published: Translated: NVD NIST

Summary

The CVE-2025-14361 vulnerability in the Woocommerce Envato Affiliates plugin has a missing authorization issue that allows access to functionality not properly constrained by access control lists (ACLs).

Risk Assessment

The lack of proper authorization constraints may lead to unauthorized access to functions, posing a risk of data leakage or unauthorized actions within the system.

Recommendation

It is recommended to update the Woocommerce Envato Affiliates plugin to the latest version to patch this vulnerability and review and adjust access control lists.

Original NVD description (English source)

Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS