cleantalk
Vulnerabilities and Security Researches

Super Page Cache for Cloudflare, CVE-2026-1843

CVE, Research URL

CVE-2026-1843

Home page URL

Security reports for Super Page Cache for Cloudflare

Application

Super Page Cache for Cloudflare

Published on
Feb 14, 2026
Research Description
The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 5.2.3.
Status
vulnerable
Previous vulnerability researches
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2026-2263) , Apr 13, 2026
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2024-0368) , Jun 07, 2024
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2019-11872) , Jun 07, 2024
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2026-24998) , Feb 27, 2026
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2018-18576) , Jun 07, 2024
New vulnerability
Disable Admin Notices individually (CVE-2026-2410) , Apr 15, 2026
Database for Contact Form 7, WPforms, Elementor forms (CVE-2026-2599) , Apr 15, 2026
Database for Contact Form 7, WPforms, Elementor forms (CVE-2026-0825) , Apr 15, 2026
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss (CVE-2026-1565) , Apr 15, 2026
BackWPup – WordPress Backup Plugin (CVE-2026-6227) , Apr 15, 2026