Skip to main content

Slicewp

1 CVEs product

Monthly

CVE-2026-42653 HIGH This Week

Stored cross-site scripting in the SliceWP WordPress affiliate-marketing plugin (all versions up to and including 1.2.6) lets remote attackers persist malicious JavaScript that executes in the browsers of users who later view the affected page. Patchstack-reported issue with no public exploit identified at time of analysis; CVSS 7.1 reflects the scope-changing impact when an admin or another user is lured into rendering the injected payload. Affects WordPress sites running the iova.Mihai SliceWP plugin in default configurations exposed to attacker-supplied input.

XSS Slicewp
NVD
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH This Week

Stored cross-site scripting in the SliceWP WordPress affiliate-marketing plugin (all versions up to and including 1.2.6) lets remote attackers persist malicious JavaScript that executes in the browsers of users who later view the affected page. Patchstack-reported issue with no public exploit identified at time of analysis; CVSS 7.1 reflects the scope-changing impact when an admin or another user is lured into rendering the injected payload. Affects WordPress sites running the iova.Mihai SliceWP plugin in default configurations exposed to attacker-supplied input.

XSS Slicewp
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy