CVE-2022-1759 – RB Internal Links <= 2.0.16 - Stored Cross-Site Scripting via CSRF
https://notcve.org/view.php?id=CVE-2022-1759
The RB Internal Links WordPress plugin through 2.0.16 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, as well as perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and escaping El plugin RB Internal Links de WordPress versiones hasta 2.0.16, no presenta comprobación de tipo CSRF cuando es actualizada su configuración, lo que podría permitir a atacantes hacer que un administrador conectado los cambie por medio de un ataque de tipo CSRF, así como llevar a cabo ataques de tipo Cross-Site Scripting Almacenado debido a una falta de saneo y escape • https://wpscan.com/vulnerability/d8e63f78-f38a-4f68-96ba-8059d175cea8 • CWE-352: Cross-Site Request Forgery (CSRF) •