CVE-2023-26537 – WordPress WP No External Links Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-26537
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nicolly WP No External Links plugin <= 1.0.2 versions. The WP No External Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. • https://patchstack.com/database/vulnerability/no-external-links/wordpress-wp-no-external-links-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-15863 – WP No External Links < 3.5.19 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-15863
Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin before 3.5.19 for WordPress via the date1 or date2 parameter to wp-admin/options-general.php. Existe Cross Site Scripting (XSS) en el plugin wp-noexternallinks en versiones anteriores a la 3.5.19 para WordPress mediante el parámetro date1 o date 2 en wp-admin/options-general.php. • http://lists.openwall.net/full-disclosure/2017/06/02/3 https://wordpress.org/plugins/wp-noexternallinks/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •