cleantalk
Vulnerabilities and Security Researches

WordPress Affiliates Plugin — SliceWP Affiliates, 9d9b5ca8-72e2-409a-ac6d-543f6f3e7920

CVE, Research URL

9d9b5ca8-72e2-409a-ac6d-543f6f3e7920

Home page URL

Security reports for WordPress Affiliates Plugin — SliceWP Affiliates

Application

WordPress Affiliates Plugin — SliceWP Affiliates

Published on
-
Research Description
Affiliate Program Suite — SliceWP Affiliates [slicewp] < 1.0.46 SliceWP &lt; 1.0.46 - Reflected Cross-Site Scripting (XSS) The plugin does not escape the converted parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue
Affected versions
max 1.0.46.
Status
vulnerable
Previous vulnerability researches
WordPress Affiliates Plugin — SliceWP Affiliates (CVE-2024-12454) , Dec 18, 2024
WordPress Affiliates Plugin — SliceWP Affiliates (CVE-2026-42653) , May 13, 2026
WordPress Affiliates Plugin — SliceWP Affiliates (CVE-2024-47388) , Oct 03, 2024
WordPress Affiliates Plugin — SliceWP Affiliates (CVE-2026-6672) , May 07, 2026
WordPress Affiliates Plugin — SliceWP Affiliates (a3180e788ea2fcfcd8d3bf7c17348a519c805bf7) , Jun 07, 2024
New vulnerability
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2026-4610) , Jun 24, 2026
Paymob for WooCommerce (CVE-2026-56025) , Jun 24, 2026
Motors – Car Dealer, Classifieds &amp; Listing (CVE-2026-7859) , Jun 24, 2026
Vitepos &#8211; Point of sale (POS) plugin for WooCommerce (CVE-2026-8157) , Jun 24, 2026
Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form &amp; Conten (CVE-2026-10530) , Jun 24, 2026