CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

Vulnrichment•added 2026/05/06 6:47 a.m.•6 views

CVE-2026-6672 Affiliate Program Suite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via slicewp_affiliate_url Shortcode

The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.2.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the...

6.4CVSS6AI score0.00152EPSS

Exploits0References2

Cvelist•added 2026/05/06 6:47 a.m.•28 views

CVE-2026-6672 Affiliate Program Suite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via slicewp_affiliate_url Shortcode

6.4CVSS0.00152EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 9:26 a.m.•7 views

CVE-2024-12454

The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6.4AI score0.00198EPSS

Exploits0References1

NVD•added 2024/12/18 10:15 a.m.•12 views

CVE-2024-12454

6.1CVSS0.00198EPSS

Exploits0References6

CVE•added 2024/12/18 9:22 a.m.•42 views

CVE-2024-12454

CVE-2024-12454 details (WordPress): The Affiliate Program Suite — SliceWP Affiliates plugin is vulnerable to Cross-Site Request Forgery across all versions up to 1.1.23 due to missing or incorrect nonce validation in a function. This enables unauthenticated attackers to induce an administrator to...

6.1CVSS6AI score0.00198EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by