RSS   Vulnerabilities for 'Link library'   RSS

2022-02-01
 
CVE-2021-25091

CWE-79
 

 
The Link Library WordPress plugin before 7.2.9 does not sanitise and escape the settingscopy parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

 
 
CVE-2021-25092

CWE-352
 

 
The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack

 
 
CVE-2021-25093

CWE-862
 

 
The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request

 


Copyright 2024, cxsecurity.com

 

Back to Top