2 matches found
CVE-2022-1759 RB Internal Links <= 2.0.16 - Stored Cross-Site Scripting via CSRF
The RB Internal Links WordPress plugin through 2.0.16 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, as well as perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and escap...
CVE-2022-1759
The CVE pertains to the WordPress plugin RB Internal Links (versions up to 2.0.16). The issue is a CSRF deficiency when updating plugin settings, enabling a logged-in attacker to induce an admin to modify settings, and it also enables Stored Cross-Site Scripting due to insufficient sanitisation/e...