CVE-2023-45104 – BetterLinks <= 1.6.0 - Improper Authorization to Data Import and Export
https://notcve.org/view.php?id=CVE-2023-45104
The BetterLinks plugin for WordPress is vulnerable to unauthorized access and modification due to insufficient capability checks on the import_data and export_data functions in versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to import and export plugin data. • CWE-285: Improper Authorization •
CVE-2021-24812 – BetterLinks < 1.2.6 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24812
The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin import a malicious CSV. El plugin BetterLinks de WordPress versiones anteriores a 1.2.6, no sanea ni escapa de algunos campos imported link, que podría conllevar problemas de tipo Cross-Site Scripting almacenado cuando un administrador importa un CSV malicioso • https://wpscan.com/vulnerability/6bc8fff1-ff10-4175-8a46-563f0f26f96a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •