CVE-2026-33319

WWBN AVideo is an open source video platform. Prior to version 26.0, the uploadVideoToLinkedIn method in the SocialMediaPublisher plugin constructs a shell command by directly interpolating an upload URL received from LinkedIn's API response, without sanitization via escapeshellarg. If an attacke...

CVE-2026-33319 AVideo Vulnerable to OS Command Injection via Unescaped URL in LinkedIn Video Upload Shell Command

WWBN AVideo is an open source video platform. Prior to version 26.0, the uploadVideoToLinkedIn method in the SocialMediaPublisher plugin constructs a shell command by directly interpolating an upload URL received from LinkedIn's API response, without sanitization via escapeshellarg. If an attacke...

CVE-2025-12077 WP to LinkedIn Auto Publish <= 1.9.8 - Reflected Cross-Site Scripting via PostMessage

The WP to LinkedIn Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

WordPress Ultimate LinkedIn Integration Plugin <= 0.9.0 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate LinkedIn Integration Type Plugin Vulnerable versions = 0.9.0 Fixed in 1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID fb8c20286a76 Credits Rafie Muhammad Patchstac...