CVE-2018-5214 – Add Link to Facebook <= 2.3 - Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2018-5214

The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php. El plugin Add Link to Facebook hasta la versión 2.3 para WordPress tiene Cross-Site Scripting (XSS) mediante el parámetro al2fb_facebook_id en wp-admin/profile.php. The Add Link to Facebook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘al2fb_facebook_id’ parameter in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/Add-Link-to-Facebook.md https://wordpress.org/support/topic/stored-xss-bug-at-the-latest-version-of-add-link-to-facebook • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •