Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in WordPress Affiliates Plugin — SliceWP Affiliates 1.1.20

  • Severity: medium-risk
  • Status: Fixed
  • Publication: September 12, 2024

A popular plugin for WordPress, called SliceWP Affiliates, has a security issue that can make websites vulnerable to external attacks. This is because the plugin does not properly protect the URLs used in its code, which can allow hackers to inject harmful scripts onto pages. Any version of the plugin up to 1.1.20 is affected by this issue, and it can be exploited if a user is tricked into clicking on a link.

Detected in:

Affiliate Program Suite — SliceWP Affiliates fixed vulnerable versions:
WordPress Affiliates Plugin — SliceWP Affiliates fixed vulnerable versions: >= * <= 1.1.20

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.