CVE-2026-1843 — Cross-site Scripting in Super Page Cache

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 65.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Optimole Super Page Cache

Timeline

PublishedFeb 14

Description

The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.7

Affected Packages1 packages

▶CVEListV5optimole/super_page_cache5.2.2

🔴Vulnerability Details

GHSA

GHSA-jwgq-qf3x-8r62: The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5↗2026-02-14

▶

CVEList

Super Page Cache <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting via Activity Log↗2026-02-14

▶

🕵️Threat Intelligence

Wiz

CVE-2026-1843 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2025-55132 nodejs: Nodejs filesystem permissions bypass↗2026-01-20

▶