67 matches found
CVE-2011-4595
Pretty-Link WordPress plugin 1.5.2 has XSS...
CVE-2025-23688
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in editionskezzal Cobwebo URL Plugin cobwebo-url allows Reflected XSS.This issue affects Cobwebo URL Plugin: from n/a through = 1.0...
Malicious code in atlassian-static-assets-url-plugin (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-45400 CKEditor Open Link plugin vulnerable to Cross-site Scripting
ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. A vulnerability in versions of the plugin prior to 1.0.7 allowed a user to execute JavaScript code by abusing the link href attribute. The fix...
PT-2024-31604 · Ckeditor · Ckeditor Open Link Plugin
Name of the Vulnerable Software and Affected Versions: ckeditor-plugin-openlink versions prior to 1.0.7 Description: A vulnerability in the ckeditor-plugin-openlink plugin for the CKEditor JavaScript text editor allowed a user to execute JavaScript code by abusing the link href attribute. This...
WordPress plugin Short URL 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2024-37888 The Open Link CKEditor plugin has a cross-site scripting (XSS) vulnerability in open link functionality
The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version 1.0.5...
CVE-2024-37888 The Open Link CKEditor plugin has a cross-site scripting (XSS) vulnerability in open link functionality
The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version 1.0.5...
Open Link Security Vulnerability
Open Link plugin is a very simple plugin by Marek Lewandowski personal developer. It is possible to extend the context menu and open links in new tabs. A security vulnerability exists in versions prior to Open Link 1.0.5, which stems from a cross-site scripting vulnerability in the Open Link...
PT-2024-27812 · Ckeditor · Ckeditor Open Link Plugin
Name of the Vulnerable Software and Affected Versions: CKEditor Open Link plugin versions prior to 1.0.5 Description: The issue allows execution of JavaScript code by abusing the link href attribute. It affects users of the Open Link plugin. Recommendations: For versions prior to 1.0.5, update to...
CVE-2024-5536
The GamiPress – Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's gamipresslink shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-5536 GamiPress – Link <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The GamiPress – Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's gamipresslink shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2023-17109 · WordPress · Short Url Plugin
Name of the Vulnerable Software and Affected Versions: Short URL plugin for WordPress versions up to, and including, 1.6.4 Description: The issue arises from insufficient input sanitization and output escaping, allowing stored Cross-Site Scripting attacks via the comment parameter. This enables...
@udecode/plate-link does not sanitize URLs to prevent use of the `javascript:` scheme
Impact Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the javascript: scheme. As a result, links with JavaScript URLs can be inserted into the Plate editor through various means, including opening or pasting malicious content. Patches...
CVE-2023-34245 Cross site scripting (XSS) in @udecode/plate-link
@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the javascript: scheme. As a result, links with JavaScript URLs can be inserted into th...
Plate 跨站脚本漏洞
Plate is an open source plugin system for Udecode that makes it easier to build full-featured editors. Plate suffers from a cross-site scripting vulnerability that stems from the link plugin and link UI component not cleaning up URLs to prevent the use of the javascript: header...
CVE-2023-26011
Cross-Site Request Forgery CSRF vulnerability in Tim Eckel Read More Excerpt Link plugin = 1.6 versions...
CVE-2023-26011
Cross-Site Request Forgery CSRF vulnerability in Tim Eckel Read More Excerpt Link plugin = 1.6 versions...
CVE-2023-26011 WordPress Read More Excerpt Link Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Tim Eckel Read More Excerpt Link plugin = 1.6 versions...
GHSA-PP8M-PRR7-WR8W Jenkins Sidebar Link Plugin vulnerable to Path Traversal
Jenkins Sidebar Link Plugin allows specifying files in the userContent/ directory for use as link icons. Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation. This allows attackers with Overall/Read permission to check for the existenc...