G Auto-Hyperlink <= 1.0.1 - SQL Injection

The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection id: CVE-2021-24627 info: name: G Auto-Hyperlink = 1.0.1 - SQL...

CVE-2021-24627

The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection...

CVE-2022-2600

The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object...

CVE-2022-2600

The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object...

CVE-2022-2600

The CVE-2022-2600 entry concerns the WordPress plugin Auto-hyperlink URLs (versions through 5.4.1). The underlying issue is that generated links do not include rel="noopener noreferer", enabling Tab Nabbing and potentially exposing the source tab via window.opener. The vulnerability impact, as do...

CVE-2022-2600 Auto-hyperlink URLs <= 5.4.1 - Tab Nabbing

The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object...

WordPress plugin Auto-hyperlink URLs 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Auto-hyperlink URLs plugin <= 5.4.1 - Tab Nabbing vulnerability

Tab Nabbing vulnerability discovered by Daniel Ruf in WordPress Auto-hyperlink URLs plugin versions = 5.4.1. Solution Deactivate and delete. This plugin has been closed as of July 18, 2022 and is not available for download. This closure is temporary, pending a full review...

WordPress G Auto-Hyperlink Plugin SQL Injection Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress G Auto-Hyperlink plugin in version 1.0.1 and earlier,...

CVE-2021-24627

The CVE-2021-24627 entry concerns the WordPress plugin G Auto-Hyperlink (versions up to 1.0.1). The vulnerability arises from insufficient sanitization/escaping of the id GET parameter, which is interpolated into a SQL statement used to fetch data for the admin dashboard. This yields an authentic...

WordPress SQL注入漏洞

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress G Auto-Hyperlink plugin in version 1.0.1 and earlier,...

G Auto-Hyperlink <= 1.0.1 - Admin+ SQL Injection

The plugin does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection https://plugins.trac.wordpress.org/browser/g-auto-hyperlink/trunk/g-auto-hyperlink.phpL271 Open the...

WordPress G Auto-Hyperlink plugin <= 1.0.1 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by Shreya Pohekar Codevigilant Project in WordPress G Auto-Hyperlink plugin versions = 1.0.1. Solution Deactivate and delete. This plugin has been closed as of June 18, 2021 and is not available for download. Reason: Security Issue...