The WP Affiliate Disclosure plugin for WordPress has a security vulnerability in all versions of the plugin up to version 1.2.6. This vulnerability means that attackers who are not authenticated can change the plugin options by fooling a site administrator into doing something like clicking on a link. This happens because the plugin does not properly check the security code that is designed to prevent this kind of attack.