8 matches found
CVE-2022-2148
The LinkedIn Company Updates WordPress plugin through 1.5.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Malicious code in gd-company-updates (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c1253df2e743d9b41ff76588069c9ee739cc67b4ca244e95405d4b949bcdfb2b The OpenSSF Package Analysis project identified 'gd-company-updates' @ 14.999.0 npm as malicious. It is considered malicious because: - The...
MAL-2023-1185 Malicious code in gd-company-updates (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c1253df2e743d9b41ff76588069c9ee739cc67b4ca244e95405d4b949bcdfb2b The OpenSSF Package Analysis project identified 'gd-company-updates' @ 14.999.0 npm as malicious. It is considered malicious because: - The...
WordPress LinkedIn Company Updates plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin LinkedIn Company Updates cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
LinkedIn Company Updates <= 1.5.3 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the "Client ID" settings: "/...
LinkedIn Company Updates <= 1.5.3 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Put the following payload in the "Client ID" settings: "/...
WordPress LinkedIn Company Updates plugin <= 1.5.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress LinkedIn Company Updates plugin versions <= 1.5.3. Solution: Deactivate and delete. This plugin has been closed as of June 21, 2022 and is not available for...