CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51939 – WordPress Stylish Internal Links plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51939
08 Nov 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Santhosh veer Stylish Internal Links allows DOM-Based XSS.This issue affects Stylish Internal Links: from n/a through 1.9. The Stylish Internal Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and abo... • https://patchstack.com/database/vulnerability/stylish-internal-links/wordpress-stylish-internal-links-plugin-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51929 – WordPress Icon Widget plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51929
08 Nov 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Spectrum Icon Widget allows DOM-Based XSS.This issue affects Icon Widget: from n/a through 1.1.0. The Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts ... • https://patchstack.com/database/vulnerability/icon-widget-with-links/wordpress-icon-widget-plugin-1-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43261 – WordPress Compute Links plugin <= 1.2.1 - Remote File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-43261
12 Aug 2024 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hamed Naderfar Compute Links allows PHP Remote File Inclusion.This issue affects Compute Links: from n/a through 1.2.1. The Compute Links plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. • https://patchstack.com/database/vulnerability/compute-links/wordpress-compute-links-plugin-1-2-1-remote-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37941 – WordPress Internal Link Juicer: SEO Auto Linker for WordPress plugin <= 2.24.3 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-37941
09 Jul 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Internal Link Juicer Internal Link Juicer: SEO Auto Linker for WordPress.This issue affects Internal Link Juicer: SEO Auto Linker for WordPress: from n/a through 2.24.3. The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.24.3. This is due to missing or incorrect nonce validation on the ilj_rebuild_index and ilj_render_batch_info functions. This makes it... • https://patchstack.com/database/vulnerability/internal-links/wordpress-internal-link-juicer-seo-auto-linker-for-wordpress-plugin-2-24-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37545 – WordPress Floating Social Media Links plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37545
06 Jul 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nick Halsey Floating Social Media Links allows Stored XSS.This issue affects Floating Social Media Links: from n/a through 1.5.2. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Nick Halsey Floating Social Media Links permite XSS almacenado. Este problema afecta Floating Social Media Links: desde n/a hasta 1.5.2. The Flo... • https://patchstack.com/database/vulnerability/floating-social-media-links/wordpress-floating-social-media-links-plugin-1-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34441 – WordPress Easy Affiliate Links plugin <= 3.7.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-34441
07 May 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bootstrapped Ventures Easy Affiliate Links allows Stored XSS.This issue affects Easy Affiliate Links: from n/a through 3.7.2. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Bootstrapped Ventures Easy Affiliate Links permite almacenar XSS. Este problema afecta a Easy Affiliate Links: desde n/a hasta 3.7.2. The Easy Affiliate Links... • https://patchstack.com/database/vulnerability/easy-affiliate-links/wordpress-easy-affiliate-links-plugin-3-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34386 – WordPress Auto Affiliate Links plugin <= 6.4.3.1 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-34386
06 May 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through 6.4.3.1. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en Lucian Apostol Auto Affiliate Links. Este problema afecta a Auto Affiliate Links: desde n/a hasta 6.4.3.1. The Auto Affiliate Links plugin for WordPress is vulnerable to SQL Injection in a... • https://patchstack.com/database/vulnerability/wp-auto-affiliate-links/wordpress-auto-affiliate-links-plugin-6-4-3-1-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22720 – WordPress WP Links Page Plugin <= 4.9.3 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-22720
19 Apr 2023 — Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robert Macchi WP Links Page plugin <= 4.9.3 versions. The WP Links Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, and including, 4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts i... • https://patchstack.com/database/vulnerability/wp-links-page/wordpress-wp-links-page-plugin-4-9-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26537 – WordPress WP No External Links Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-26537
28 Feb 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nicolly WP No External Links plugin <= 1.0.2 versions. The WP No External Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user access... • https://patchstack.com/database/vulnerability/no-external-links/wordpress-wp-no-external-links-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45840 – WordPress Auto Affiliate Links plugin <= 6.2.1.5 - Unauth. Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2022-45840
06 Feb 2023 — Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Affiliate Links: from n/a through 6.2.1.5. The Auto Affiliate Links plugin for WordPress is vulnerable to improper access control via multiple AJAX actions in versions up to, and including, 6.2.1.5. This allows authenticated attackers with subscriber-level permissions or above to modify plugin settings such as adding exclusions for posts a... • https://patchstack.com/database/wordpress/plugin/wp-auto-affiliate-links/vulnerability/wordpress-auto-affiliate-links-plugin-6-2-1-5-unauth-broken-access-control-vulnerability?_s_id=cve • CWE-284: Improper Access Control CWE-862: Missing Authorization •