A vulnerability, which was classified as critical, has been found in redefiningtheweb Affiliate Program & Referral Tracking Plugin up to 3.3.3 on WordPress. This impacts an unknown function of the component Frontend Access Control. This manipulation of the argument rtwalwm_nonce causes improper authorization.

The identification of this vulnerability is CVE-2026-7559. It is possible to initiate the attack remotely. There is no exploit available.