3 matches found
WordPress Internal Link Juicer: SEO Auto Linker for WordPress Plugin <= 2.23.4 is vulnerable to Cross Site Scripting (XSS)
Software Internal Link Juicer: SEO Auto Linker for WordPress Type Plugin Vulnerable versions = 2.23.4 Fixed in 2.23.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0657 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID...
CVE-2024-0657 Internal Link Juicer <= 2.23.4 - Authenticated (Admin+) Stored Cross-Site Scripting
The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'iljsettingsfieldlinksperpage' in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes i...
CVE-2024-0657
CVE-2024-0657 affects the Internal Link Juicer (WordPress) where Stored XSS can be injected via admin settings (e.g., ilj_settings_field_links_per_page) in all versions up to 2.23.4 due to insufficient input sanitization/output escaping. Attackers with administrator privileges can execute scripts...