Lucene search
+L

842 matches found

Malwarebytes
Malwarebytes
added 2026/01/19 8:1 a.m.8 views

A week in security (January 12 – January 18)

Last week on Malwarebytes Labs: WhisperPair exposes Bluetooth earbuds and headphones to tracking and eavesdropping Dutch police sell fake tickets to show how easily scams work "Reprompt" attack lets attackers steal data from Microsoft Copilot Phishing scammers are posting fake "account restricted...

5.5AI score
Exploits0
CNVD
CNVD
added 2026/01/19 12:0 a.m.5 views

WordPress LinkedIn SC plugin cross-site scripting vulnerability

WordPress LinkedIn SC plugin is a plugin for WordPress websites. The WordPress LinkedIn SC plugin suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and output escaping of the linkedinscdateformat, linkedinscapikey, and linkedinscsecretkey parameters, whi...

4.4CVSS6AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/15 7:23 a.m.10 views

CVE-2026-0812

The LinkedIn SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkedinscdateformat', 'linkedinscapikey', and 'linkedinscsecretkey' parameters in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible...

4.4CVSS5AI score0.00193EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/01/14 3:55 p.m.9 views

Phishing scammers are posting fake “account restricted” comments on LinkedIn

Recently, fake LinkedIn profiles have started posting comment replies claiming that a user has " engaged in activities that are not in compliance" with LinkedIn's policies and that their account has been " temporarily restricted" until they submit an appeal through a specified link in the comment...

7AI score
Exploits0
NVD
NVD
added 2026/01/14 7:16 a.m.10 views

CVE-2026-0812

The LinkedIn SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkedinscdateformat', 'linkedinscapikey', and 'linkedinscsecretkey' parameters in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible...

4.4CVSS0.00193EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/14 6:40 a.m.34 views

CVE-2026-0812 LinkedIn SC <= 1.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Page

The LinkedIn SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkedinscdateformat', 'linkedinscapikey', and 'linkedinscsecretkey' parameters in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible...

4.4CVSS0.00193EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/14 6:40 a.m.3 views

CVE-2026-0812 LinkedIn SC <= 1.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Page

The LinkedIn SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkedinscdateformat', 'linkedinscapikey', and 'linkedinscsecretkey' parameters in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible...

4.4CVSS4.7AI score0.00193EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/14 6:40 a.m.6 views

EUVD-2026-2526

The LinkedIn SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkedinscdateformat', 'linkedinscapikey', and 'linkedinscsecretkey' parameters in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible...

4.4CVSS4.7AI score0.00193EPSS
Exploits0References4
CVE
CVE
added 2026/01/14 6:40 a.m.25 views

CVE-2026-0812

The CVE-2026-0812 entry concerns the WordPress LinkedIn SC plugin (

4.4CVSS4.7AI score0.00193EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.8 views

WordPress plugin LinkedIn SC 跨站脚本漏洞

WordPress LinkedIn SC plugin is a plugin for WordPress websites. The WordPress LinkedIn SC plugin suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and output escaping of the linkedinscdateformat, linkedinscapikey, and linkedinscsecretkey parameters, whi...

4.4CVSS6AI score0.00193EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.8 views

PT-2026-2844

The LinkedIn SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkedin sc date format', 'linkedin sc api key', and 'linkedin sc secret key' parameters in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it...

4.4CVSS5AI score0.00193EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/13 11:14 p.m.10 views

WordPress LinkedIn SC plugin <= 1.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Page vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Settings Page vulnerability discovered by 0x34rth in WordPress Plugin LinkedIn SC versions = 1.1.9...

4.4CVSS5.5AI score0.00193EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:17 a.m.6 views

CVE-2025-23897

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ivobrett Apply with LinkedIn buttons apply-with-linkedin-buttons allows DOM-Based XSS.This issue affects Apply with LinkedIn buttons: from n/a through = 2.3...

6.5CVSS7.2AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:48 a.m.6 views

CVE-2025-23542

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Robert D Payne RDP Linkedin Login rdp-linkedin-login allows Reflected XSS.This issue affects RDP Linkedin Login: from n/a through = 1.7.0...

7.1CVSS7.2AI score0.00277EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:47 a.m.7 views

CVE-2025-23937

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Alex Furr LinkedIn Lite linkedin-lite allows PHP Local File Inclusion.This issue affects LinkedIn Lite: from n/a through = 1.0...

8.1CVSS7.2AI score0.00981EPSS
Exploits0References1
Schneier on Security
Schneier on Security
added 2025/12/31 12:3 p.m.5 views

LinkedIn Job Scams

Interesting article on the variety of LinkedIn job scams around the world: In India, tech jobs are used as bait because the industry employs millions of people and offers high-paying roles. In Kenya, the recruitment industry is largely unorganized, so scamsters leverage fake personal referrals. I...

7AI score
Exploits0
Patchstack
Patchstack
added 2025/12/16 6:10 p.m.28 views

WordPress WP to LinkedIn Auto Publish plugin <= 1.9.8 - Reflected Cross-Site Scripting via PostMessage vulnerability

Reflected Cross-Site Scripting via PostMessage vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin WP to LinkedIn Auto Publish versions = 1.9.8...

6.1CVSS6.1AI score0.00212EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/13 4:31 a.m.32 views

CVE-2025-12077 WP to LinkedIn Auto Publish <= 1.9.8 - Reflected Cross-Site Scripting via PostMessage

The WP to LinkedIn Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS0.00212EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2025/11/26 2:11 p.m.7 views

Fake LinkedIn jobs trick Mac users into downloading Flexible Ferret malware

Researchers have discovered a new attack targeting Mac users. It lures them to a fake job website, then tricks them into downloading malware via a bogus software update. The attackers pose as recruiters and contact people via LinkedIn, encouraging them to apply for a role. As part of the...

7.5AI score
Exploits0
EUVD
EUVD
added 2025/11/22 12:46 p.m.4 views

EUVD-2025-198554

Malicious code in linkedin-ui npm...

6.6AI score
Exploits0
Rows per page
Query Builder