The WP Affiliate Disclosure plugin for WordPress has a security vulnerability which could allow an attacker with contributor-level access and above to inject malicious web scripts into pages. This vulnerability affects versions 1.2.7 and earlier of the plugin, due to inadequate input sanitization and output escaping. If a user visits an affected page, any injected scripts would be able to run.