
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert D Payne RDP Linkedin Login allows Reflected XSS. This issue affects RDP Linkedin Login: from n/a through 1.7.0. The RDP Linkedin Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages t... • https://patchstack.com/database/wordpress/plugin/rdp-linkedin-login/vulnerability/wordpress-rdp-linkedin-login-plugin-1-7-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Mar 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound LinkedIn Lite allows PHP Local File Inclusion. This issue affects LinkedIn Lite: from n/a through 1.0. The LinkedIn Lite plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. T... • https://patchstack.com/database/wordpress/plugin/linkedin-lite/vulnerability/wordpress-linkedin-lite-plugin-1-0-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ivo Brett – ApplyMetrics Apply with LinkedIn buttons allows DOM-Based XSS. This issue affects Apply with LinkedIn buttons: from n/a through 2.3. The Apply with LinkedIn buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-l... • https://patchstack.com/database/wordpress/plugin/apply-with-linkedin-buttons/vulnerability/wordpress-apply-with-linkedin-buttons-plugin-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Jan 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Ivo Brett – ApplyMetrics Apply with LinkedIn buttons allows Stored XSS. This issue affects Apply with LinkedIn buttons: from n/a through 2.3. The Apply with LinkedIn buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a f... • https://patchstack.com/database/wordpress/plugin/apply-with-linkedin-buttons/vulnerability/wordpress-apply-with-linkedin-buttons-plugin-2-3-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Apr 2024 — Missing Authorization vulnerability in Martin Gibson WP LinkedIn Auto Publish. This issue affects WP LinkedIn Auto Publish: from n/a through 8.11. The WP LinkedIn Auto Publish plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp_linkedin_autopublish_delete_all_linkedin_settings() function in ver... • https://patchstack.com/database/vulnerability/wp-linkedin-auto-publish/wordpress-wp-linkedin-auto-publish-plugin-8-11-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Mar 2024 — greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the load_obj function at /templates/pickle_utils.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file. • https://github.com/bayuncao/vul-cve-17 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

21 Dec 2022 — A vulnerability was found in LinkedIn dustjs up to 2.x and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/linkedin/dustjs/commit/ddb6523832465d38c9d80189e9de60519ac307c3 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

21 Jun 2022 — The LinkedIn Company Updates WordPress plugin through 1.5.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. • https://wpscan.com/vulnerability/92214311-da6d-49a8-95c9-86f47635264f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 29% • CPEs: 1 • EXPL: 1

05 Feb 2021 — LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar. • https://github.com/linkedin/oncall/issues/341 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 2% • CPEs: 1 • EXPL: 2

13 Dec 2017 — FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter. • https://www.exploit-db.com/exploits/43249 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')