CVE-2023-47232 MEDIUM

CVE-2023-47232: WordPress WP Affiliate Disclosure plugin <= 1.2.6 - Broken Access Control + CSRF vulnerability

Vendor Mojofywp
Product WP Affiliate Disclosure
Published December 21, 2025
Last update April 28, 2026

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01 Description

Vulnerability in mojofywp WP Affiliate Disclosure wp-affiliate-disclosure. This issue affects WP Affiliate Disclosure: from n/a through 1.2.6.

Explanation of Vulnerability in Simple Terms

02 Summary

WP Affiliate Disclosure versions up to 1.2.6 contain a denial-of-service vulnerability. An authenticated attacker with low privileges can trigger a condition that degrades site availability. The vulnerability requires network access and valid login credentials but no user interaction from the victim.

What an attacker can do

03 Attacker Capabilities

Degrade or disrupt site availability by triggering a denial-of-service condition.

Potential impact on your site

04 Site Impact

Site performance or availability may be impacted if an authenticated user exploits this vulnerability.

Conditions required to exploit

05 Prerequisites

Attacker must have a valid WordPress user account with low-level privileges and network access.

Key dates

06 Disclosure timeline

December 21, 2025 CVE published
April 28, 2026 Record updated