
CVE-2023-23649 – WordPress MainWP Links Manager Extension Plugin <= 2.1 - Unauthenticated PHP Object Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-23649
18 Jan 2023 — Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension. This issue affects MainWP Links Manager Extension: from n/a through 2.1. The MainWP Links Manager Extension plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1 via deserialization of untrusted input. Thi... • https://patchstack.com/database/vulnerability/mainwp-links-manager-extension/wordpress-mainwp-links-manager-extension-plugin-2-1-unauthenticated-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •

CVE-2022-3135 – SEO Smart Links <= 3.0.1 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-3135
05 Sep 2022 — The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/3505481d-141a-4516-bdbb-d4dad4e1eb01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-1759 – RB Internal Links <= 2.0.16 - Stored Cross-Site Scripting via CSRF
https://notcve.org/view.php?id=CVE-2022-1759
23 May 2022 — The RB Internal Links WordPress plugin through 2.0.16 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, as well as perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and escaping. • https://wpscan.com/vulnerability/d8e63f78-f38a-4f68-96ba-8059d175cea8 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2017-15863 – WP No External Links < 3.5.19 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-15863
29 May 2017 — Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin before 3.5.19 for WordPress via the date1 or date2 parameter to wp-admin/options-general.php. • http://lists.openwall.net/full-disclosure/2017/06/02/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2016-4833 – Nofollow Links <= 1.0.10 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-4833
20 Jul 2016 — Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://jvn.jp/en/jp/JVN13582657/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2015-5497
https://notcve.org/view.php?id=CVE-2015-5497
18 Aug 2015 — Cross-site scripting (XSS) vulnerability in the Web Links module 6.x-2.x before 6.x-2.6 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. • http://www.openwall.com/lists/oss-security/2015/07/04/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2015-4388
https://notcve.org/view.php?id=CVE-2015-4388
15 Jun 2015 — Cross-site scripting (XSS) vulnerability in the Current Search Links module 7.x-1.x before 7.x-1.1 for Drupal, when the "Append the keywords passed by the user to the list" option is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted search query. • http://www.openwall.com/lists/oss-security/2015/04/25/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2015-9495 – Syndication Links < 1.0.3 - DOM-based Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9495
13 May 2015 — The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier. The Syndication Links plugin for WordPress is vulnerable to DOM-based Cross-Site Scripting via the genericons/example.html anchor identifier in versions up to 1.0.3 due to insufficient input sanitization and ... • https://wordpress.org/plugins/syndication-links/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2014-6294
https://notcve.org/view.php?id=CVE-2014-6294
03 Oct 2014 — Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2014-4537 – Keyword Strategy Internal Links <= 2.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4537
28 Apr 2014 — Cross-site scripting (XSS) vulnerability in inpage.tpl.php in the Keyword Strategy Internal Links plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) sort, (2) search, or (3) dir parameter. • http://codevigilant.com/disclosure/wp-plugin-keyword-strategy-internal-links-a3-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •