CVE-2024-51672 – WordPress BetterLinks plugin <= 2.1.7 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-51672
01 Nov 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPDeveloper BetterLinks allows SQL Injection.This issue affects BetterLinks: from n/a through 2.1.7. The BetterLinks plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level ac... • https://patchstack.com/database/vulnerability/betterlinks/wordpress-betterlinks-plugin-2-1-7-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-45104 – WordPress BetterLinks plugin <= 1.6.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-45104
18 Oct 2023 — Missing Authorization vulnerability in WPDeveloper BetterLinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterLinks: from n/a through 1.6.0. The BetterLinks plugin for WordPress is vulnerable to unauthorized access and modification due to insufficient capability checks on the import_data and export_data functions in versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to import and export plugin data. • https://patchstack.com/database/wordpress/plugin/betterlinks/vulnerability/wordpress-betterlinks-plugin-1-6-0-broken-access-control-vulnerability?_s_id=cve • CWE-285: Improper Authorization CWE-862: Missing Authorization •
CVE-2021-24812 – BetterLinks < 1.2.6 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24812
20 Oct 2021 — The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin import a malicious CSV. El plugin BetterLinks de WordPress versiones anteriores a 1.2.6, no sanea ni escapa de algunos campos imported link, que podría conllevar problemas de tipo Cross-Site Scripting almacenado cuando un administrador importa un CSV malicioso • https://wpscan.com/vulnerability/6bc8fff1-ff10-4175-8a46-563f0f26f96a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •