cleantalk
Vulnerabilities and Security Researches

WordPress Affiliates Plugin — SliceWP Affiliates, a5c53f80542bd4c546412f1716e0a14fa5bc6b38

CVE, Research URL

a5c53f80542bd4c546412f1716e0a14fa5bc6b38

Home page URL

Security reports for WordPress Affiliates Plugin — SliceWP Affiliates

Application

WordPress Affiliates Plugin — SliceWP Affiliates

Published on
Aug 09, 2021
Research Description
Affiliate Program Suite — SliceWP Affiliates [slicewp] < 1.0.46 WordPress Affiliates Plugin — SliceWP Affiliates <= 1.0.45 - Cross-Site Scripting The WordPress Affiliates Plugin — SliceWP Affiliates for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘converted’ parameter in versions up to, and including, 1.0.45 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 1.0.46.
Status
vulnerable
Previous vulnerability researches
WordPress Affiliates Plugin — SliceWP Affiliates (CVE-2024-12454) , Dec 18, 2024
WordPress Affiliates Plugin — SliceWP Affiliates (CVE-2026-42653) , May 13, 2026
WordPress Affiliates Plugin — SliceWP Affiliates (CVE-2024-47388) , Oct 03, 2024
WordPress Affiliates Plugin — SliceWP Affiliates (CVE-2026-6672) , May 07, 2026
WordPress Affiliates Plugin — SliceWP Affiliates (a3180e788ea2fcfcd8d3bf7c17348a519c805bf7) , Jun 07, 2024
New vulnerability
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2026-4610) , Jun 24, 2026
Paymob for WooCommerce (CVE-2026-56025) , Jun 24, 2026
Motors – Car Dealer, Classifieds &amp; Listing (CVE-2026-7859) , Jun 24, 2026
Vitepos &#8211; Point of sale (POS) plugin for WooCommerce (CVE-2026-8157) , Jun 24, 2026
Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form &amp; Conten (CVE-2026-10530) , Jun 24, 2026