Amid the security review of AffiliateWP plugin for WordPress CMS, Security Vulnerabilities was found utilizing DefenseCode ThunderScan by Neven Biruski in application source code security testing phase.
XSS is a very commonly exploited vulnerability type which is very widely spread and easily detectable.
Read More about XSS.
For More information Refer DefenseCode Advisories.
As per the plugin creators, AffiliateWP is a simple to-utilize, solid WordPress module that gives you the affiliate marketing tools that used to develop your business and profit. In 2016 it outperformed $500,000 in yearly income.
The bug has been reported to Vendor by Defense code and they released a fix on 2017/05/17. So the solution is simple, you need to update to the latest available version of AffiliateWP plugin.