Major security issue that has not been fixed.
Tagged: wcfm affiliate, WCFM Marketplace
- October 3, 2019 at 2:31 am #84831 edo hopar (Participant)
Hello,
A few days ago another user posted here that Affiliate has access to Site Settings and you guys have not fixed this. You do realize that any affiliate can take all profits from the website owner if you do not fix this issue.
WARNING: WCFM AFFILIATE Account has access to SETTINGS, including Payment settings, Commission Settings, VENDOR COMMISSION SETTINGS, Product, Store and many other ADMIN Settings.
When affiliates log in, it takes them to their Affiliate Dashboard. Example:
https://mywebsite.com/store-manager/affiliates/
NOW, while logged in as an affiliate, if you replace the URL with https://mywebsite.com/store-manager/SETTINGS/ you will get access to ADMIN SETTINGS…
FIX THIS PLEASE. AFFILIATES SHOULD NOT HAVE ACCESS TO ALL THESE.
- October 10, 2019 at 12:46 pm #85970 edo hopar (Participant)
Has any one of you guys had a chance to look into this problem?
It has been over 1 week since I posted this issue and you have not fixed it or responded.
- October 11, 2019 at 10:28 am #86181 WCFM Forum (Member)
We will take care of this in the next update.
- The topic ‘Major security issue that has not been fixed.’ is closed to new replies.
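
A stopgap a site owner could apply for the URL-swap problem described in this thread, written as a WordPress must-use plugin that refuses the settings endpoint to affiliate accounts. This is an added example, not code from the thread or from the WCFM project; the role slug `wcfm_affiliate`, the `example_` names and the blocked-endpoint list are assumptions to check against your own site.

```php
<?php
/**
 * Plugin Name: Block store-manager settings for affiliates (added example)
 *
 * Place in wp-content/mu-plugins/. Assumptions, not taken from the thread:
 * the role slug 'wcfm_affiliate' and the list of blocked endpoints.
 */

// Assumed role slug for affiliate accounts; confirm it on the Users screen.
const EXAMPLE_AFFILIATE_ROLE = 'wcfm_affiliate';

// Dashboard endpoints an affiliate must never load (constructed list).
const EXAMPLE_BLOCKED_ENDPOINTS = array( 'store-manager/settings' );

/**
 * True when $path contains a blocked endpoint as whole path segments.
 * Case, URL-encoding and repeated slashes are normalised, so
 * /store-manager/SETTINGS/ and //shop//store-manager/settings both match.
 */
function example_is_blocked_path( $path ) {
    $clean = strtolower( trim( preg_replace( '#/+#', '/', rawurldecode( $path ) ), '/' ) );
    foreach ( EXAMPLE_BLOCKED_ENDPOINTS as $endpoint ) {
        if ( false !== strpos( '/' . $clean . '/', '/' . $endpoint . '/' ) ) {
            return true;
        }
    }
    return false;
}

// Run early on every front-end request, before the dashboard template loads.
add_action( 'template_redirect', function () {
    if ( ! is_user_logged_in() || ! isset( $_SERVER['REQUEST_URI'] ) ) {
        return;
    }
    $user = wp_get_current_user();
    if ( ! in_array( EXAMPLE_AFFILIATE_ROLE, (array) $user->roles, true ) ) {
        return; // Not an affiliate account: leave the request alone.
    }
    $path = (string) parse_url( $_SERVER['REQUEST_URI'], PHP_URL_PATH );
    if ( example_is_blocked_path( $path ) ) {
        wp_die( 'You are not allowed to view this page.', 'Forbidden', array( 'response' => 403 ) );
    }
}, 1 );
```

This only refuses the page load for the listed endpoints; it does not add permission checks to whatever handlers save those settings, so it is not a substitute for the fix promised in the plugin update.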