47 matches found
CVE-2026-6672
The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.2.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the...
CVE-2026-6672
The CVE concerns the WordPress plugin SliceWP Affiliates (Affiliate Program Suite). A Stored Cross‑Site Scripting (Stored XSS) vulnerability exists in all versions up to 1.2.7 due to insufficient input sanitization and output escaping in the slicewp_affiliate_url shortcode attributes. Exploitatio...
CVE-2026-6672
The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.2.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the...
CVE-2026-6672 Affiliate Program Suite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via slicewp_affiliate_url Shortcode
The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.2.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the...
CVE-2026-6672 Affiliate Program Suite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via slicewp_affiliate_url Shortcode
The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.2.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the...
EUVD-2026-27538
The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.2.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the...
WordPress SliceWP plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin SliceWP versions = 1.2.6...
PT-2026-37350
The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.2.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the 'slicewp...
WordPress plugin Affiliate Program Suite — SliceWP Affiliates 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension that can ...
WordPress Affiliate Program Suite — SliceWP Affiliates plugin <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin SliceWP versions = 1.2.7...
EUVD-2024-34774
Malicious code in bioql PyPI...
EUVD-2024-42424
Malicious code in bioql PyPI...
CVE-2024-12454
The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject...
CVE-2024-34413
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SliceWP allows Stored XSS.This issue affects SliceWP: from n/a through 1.1.10...
CVE-2024-47388
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in iova.mihai SliceWP slicewp allows Reflected XSS.This issue affects SliceWP: from n/a through = 1.1.18...
CVE-2024-12454
The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject...
CVE-2024-12454 Affiliate Program Suite — SliceWP Affiliates <= 1.1.23 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject...
CVE-2024-12454
CVE-2024-12454 details (WordPress): The Affiliate Program Suite — SliceWP Affiliates plugin is vulnerable to Cross-Site Request Forgery across all versions up to 1.1.23 due to missing or incorrect nonce validation in a function. This enables unauthenticated attackers to induce an administrator to...
WordPress plugin SliceWP Affiliates 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...
WordPress SliceWP plugin <= 1.1.23 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin SliceWP versions = 1.1.23...