CVE-2016-10988

The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebookmessage, facebooklinkname, facebookcaption, facebookdescription, defaultimage, or wphttpreferer...

CVE-2016-10989

The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkmefacebook CSRF...

EUVD-2016-1980

Malware in sbrugna...

EUVD-2016-1979

Malware in sbrugna...

CVE-2016-10988

The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebookmessage, facebooklinkname, facebookcaption, facebookdescription, defaultimage, or wphttpreferer...

CVE-2016-10989

The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkmefacebook CSRF...

Design/Logic Flaw

The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebookmessage, facebooklinkname, facebookcaption, facebookdescription, defaultimage, or wphttpreferer...

CVE-2016-10989

The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkmefacebook CSRF...

CVE-2016-10988

The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebookmessage, facebooklinkname, facebookcaption, facebookdescription, defaultimage, or wphttpreferer...

WordPress leenk.me 2.5.0 Cross Site Request Forgery / Cross Site Scripting

I would like to disclose CSRF and stored XSS vulnerability in Wordpress plugin LeenkMe version 2.5.0. The plugin can be found at https://wordpress.org/plugins/leenkme/ In the page wp-content/plugins/leenkme/facebook.php XSS vulnerable Fields are : - facebookmessage - facebooklinkname -...