64 matches found
EUVD-2026-10124
The Purchase Button For Affiliate Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing nonce validation on the settings page form handler in inc/purchase-btn-options-page.php. This makes it possible for...
CVE-2026-1073
The Purchase Button For Affiliate Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing nonce validation on the settings page form handler in inc/purchase-btn-options-page.php. This makes it possible for...
CVE-2026-1073 Purchase Button For Affiliate Link <= 1.0.2 - Cross-Site Request Forgery to Settings Update
The Purchase Button For Affiliate Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing nonce validation on the settings page form handler in inc/purchase-btn-options-page.php. This makes it possible for...
CVE-2026-25310
CVE-2026-25310: A SSRF vulnerability in the WordPress Extend Link plugin (extend-link) affects versions from n/a up to and including 2.0.0. The issue arises from extend-link allowing SSRF; CVSS 3.1 base score 4.9 (NETWORK, HIGH complexity, LOW privileges). Impact: confidentiality and integrity ma...
CVE-2026-25310 WordPress Extend Link plugin <= 2.0.0 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Alobaidi Extend Link extend-link allows Server Side Request Forgery.This issue affects Extend Link: from n/a through = 2.0.0...
WordPress plugin Extend Link 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress Short Link plugin cross-site scripting vulnerability
WordPress Short Link plugin is a class of tools for generating and managing short links Shortlinks. A cross-site scripting vulnerability exists in the WordPress Short Link plugin, which stems from insufficient input cleanup and output escaping of the shortlinkposttitle and shortlinkpagetitle...
CVE-2026-0813 Short Link <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Administration Settings Page
The Short Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'shortlinkposttitle' and 'shortlinkpagetitle' parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
EUVD-2026-2523
The Short Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'shortlinkposttitle' and 'shortlinkpagetitle' parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
WordPress Short Link plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Administration Settings Page vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Administration Settings Page vulnerability discovered by 0x34rth in WordPress Plugin Short Link versions = 1.0...
WordPress plugin Simple Keyword to Link 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2022-2321
Malicious code in bioql PyPI...
EUVD-2023-1682
Malicious code in bioql PyPI...
EUVD-2022-24932
Malicious code in bioql PyPI...
EUVD-2024-46738
Malicious code in bioql PyPI...
MAL-2025-41319 Malicious code in remark-canonical-link-plugin (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1b975fb6f22bd9fcdcea9c2ef29c6fadc73269624920351490d8cda8e561199d The OpenSSF Package Analysis project identified...
MAL-2025-41320 Malicious code in remark-cross-site-link-plugin (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8c7fd443fcaba7627f28aa45f16610fef8703f54b0f2dad9c22642c2d428a278 The OpenSSF Package Analysis project identified...
CVE-2023-32985
Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
CVE-2022-1645
The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2011-4595
Pretty-Link WordPress plugin 1.5.2 has XSS...