HIGH
AA-Team
CVE published 2026-05-26
CVE-2025-14361
A Missing Authorization vulnerability (CWE-862) in the AA-Team Woocommerce Envato Affiliates WordPress plugin allows authenticated attackers with low privileges to access functionality not properly constrained by access control lists. The vulnerability affects versions up to and including 1.2.1. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L) indicates a network-attackable, low-complexity issue [truncated]