CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39415 – WordPress Social Media Links plugin <= 1.0.3 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-39415
17 Apr 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Jayesh Parejiya Social Media Links allows Stored XSS. This issue affects Social Media Links: from n/a through 1.0.3. The Social Media Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can ... • https://patchstack.com/database/wordpress/plugin/social-media-links/vulnerability/wordpress-social-media-links-plugin-1-0-3-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39440 – WordPress Broken Links Remover plugin <= 1.2.2 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-39440
17 Apr 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Broken Links Remover allows Stored XSS. This issue affects Broken Links Remover: from n/a through 1.2.2. The Broken Links Remover plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can tri... • https://patchstack.com/database/wordpress/plugin/broken-links-remover/vulnerability/wordpress-broken-links-remover-plugin-1-2-2-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32639 – WordPress Affiliate Links plugin <= 3.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-32639
10 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wecantrack Affiliate Links Lite allows Reflected XSS. This issue affects Affiliate Links Lite: from n/a through 3.1.0. The Affiliate Links Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha... • https://patchstack.com/database/wordpress/plugin/affiliate-links/vulnerability/wordpress-affiliate-links-plugin-3-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30551 – WordPress Pretty file links plugin <= 0.9 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-30551
24 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smartredfox Pretty file links allows Stored XSS. This issue affects Pretty file links: from n/a through 0.9. The Pretty file links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary we... • https://patchstack.com/database/wordpress/plugin/pretty-file-links/vulnerability/wordpress-pretty-file-links-plugin-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27335 – WordPress Auto Tag Links Plugin <= 1.0.13 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2025-27335
24 Feb 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Free plug in by SEO Roma Auto Tag Links allows Cross Site Request Forgery. This issue affects Auto Tag Links: from n/a through 1.0.13. The Auto Tag Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.13. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a... • https://patchstack.com/database/wordpress/plugin/auto-tag-links/vulnerability/wordpress-auto-tag-links-plugin-1-0-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27273 – WordPress Affiliate Links Manager Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-27273
21 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in winking Affiliate Links Manager allows Reflected XSS. This issue affects Affiliate Links Manager: from n/a through 1.0. The Affiliate Links Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages t... • https://patchstack.com/database/wordpress/plugin/affiliate-links-manager/vulnerability/wordpress-affiliate-links-manager-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23570 – WordPress WP Social Links plugin <= 0.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23570
16 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Social Links allows Reflected XSS. This issue affects WP Social Links: from n/a through 0.3.1. The WP Social Links plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if ... • https://patchstack.com/database/wordpress/plugin/wp-social-links/vulnerability/wordpress-wp-social-links-plugin-0-3-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25098 – WordPress Links in Captions plugin <= 1.2 - Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-25098
03 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz Links in Captions allows Stored XSS. This issue affects Links in Captions: from n/a through 1.2. The Links in Captions plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web ... • https://patchstack.com/database/wordpress/plugin/links-in-captions/vulnerability/wordpress-links-in-captions-plugin-1-2-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22655 – WordPress CWD - Stealth Links plugin <= 1.3 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-22655
03 Feb 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Caio Web Dev CWD – Stealth Links allows SQL Injection. This issue affects CWD – Stealth Links: from n/a through 1.3. The CWD – Stealth Links plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to a... • https://patchstack.com/database/wordpress/plugin/cwd-stealth-links/vulnerability/wordpress-cwd-stealth-links-plugin-1-3-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25112 – WordPress Social Links plugin <= 1.2 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-25112
02 Feb 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Social Links allows Blind SQL Injection. This issue affects Social Links: from n/a through 1.2. The Social Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scrip... • https://patchstack.com/database/wordpress/plugin/social-links/vulnerability/wordpress-links-in-captions-plugin-1-2-stored-cross-site-scripting-xss-vulnerability-2?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •