Lucene search
K

842 matches found

Hacker One
Hacker One
added 2025/05/17 8:43 a.m.6 views

LinkedIn: Previous commentor on post can still comment even after comment permission is changed to disabled

A logic error existed in the comment permission system that allowed users who had previously commented on a post to continue posting additional comments even after the post owner disabled commenting functionality. The vulnerability occurred when an account created a post with comments enabled,...

5.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/15 9:10 a.m.19 views

Crypto Developers Targeted by Python Malware Disguised as Coding Challenges

The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment. The activity has been attributed by Palo Alto Networks Unit 42 t...

7.3AI score
Exploits0
Hacker One
Hacker One
added 2025/04/06 5:28 p.m.880 views

LinkedIn: HTML Injection in LinkedIn Premium Support Chat

The vulnerability exists in the LinkedIn Premium support chat interface where unsanitized HTML input was rendered directly in the chat window. An attacker could have exploited this by injecting malicious HTML such as clickable links, potentially leading to phishing or redirection attacks on...

6.9AI score
Exploits0
NVD
NVD
added 2025/03/26 3:16 p.m.6 views

CVE-2025-23937

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Alex Furr LinkedIn Lite linkedin-lite allows PHP Local File Inclusion.This issue affects LinkedIn Lite: from n/a through = 1.0...

8.1CVSS0.00981EPSS
Exploits0References1
NVD
NVD
added 2025/03/26 3:15 p.m.6 views

CVE-2025-23542

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Robert D Payne RDP Linkedin Login rdp-linkedin-login allows Reflected XSS.This issue affects RDP Linkedin Login: from n/a through = 1.7.0...

7.1CVSS0.00277EPSS
Exploits0References1
CVE
CVE
added 2025/03/26 2:24 p.m.54 views

CVE-2025-23937

CVE-2025-23937 is a Local File Inclusion (LFI) vulnerability in the WordPress plugin LinkedIn Lite (versions

8.1CVSS7.2AI score0.00981EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/26 2:24 p.m.5 views

CVE-2025-23937 WordPress LinkedIn Lite Plugin <= 1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Alex Furr LinkedIn Lite linkedin-lite allows PHP Local File Inclusion.This issue affects LinkedIn Lite: from n/a through = 1.0...

8.1CVSS7.2AI score0.00981EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/26 2:24 p.m.17 views

CVE-2025-23937 WordPress LinkedIn Lite Plugin <= 1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Alex Furr LinkedIn Lite linkedin-lite allows PHP Local File Inclusion.This issue affects LinkedIn Lite: from n/a through = 1.0...

8.1CVSS0.00981EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/26 2:24 p.m.14 views

CVE-2025-23542 WordPress RDP Linkedin Login plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Robert D Payne RDP Linkedin Login rdp-linkedin-login allows Reflected XSS.This issue affects RDP Linkedin Login: from n/a through = 1.7.0...

7.1CVSS0.00277EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/26 2:24 p.m.5 views

CVE-2025-23542 WordPress RDP Linkedin Login plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Robert D Payne RDP Linkedin Login allows Reflected XSS. This issue affects RDP Linkedin Login: from n/a through 1.7.0...

7.1CVSS7.2AI score0.00277EPSS
Exploits0References1
CVE
CVE
added 2025/03/26 2:24 p.m.48 views

CVE-2025-23542

CVE-2025-23542 is a reflected XSS in the WordPress plugin RDP Linkedin Login (vendor: WordPress plugin, affected: versions up to 1.7.0). The NVD/Red Hat and CVE enrichment confirm the flaw stems from improper input neutralization during web page generation, enabling reflected XSS. CVSSv3.1 base s...

7.1CVSS7.2AI score0.00277EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/26 12:0 a.m.2 views

WordPress plugin LinkedIn Lite 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.1CVSS8.8AI score0.00981EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/26 12:0 a.m.3 views

WordPress plugin RDP Linkedin Login 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS8.3AI score0.00277EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/18 11:47 a.m.3 views

WordPress RDP Linkedin Login plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin RDP Linkedin Login versions = 1.7.0...

7.1CVSS7.6AI score0.00277EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/03/17 11:25 a.m.4 views

WordPress LinkedIn Lite Plugin <= 1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin LinkedIn Lite versions = 1.0...

8.1CVSS9AI score0.00981EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/03/14 12:15 p.m.5 views

CVE-2024-13773

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including Linked...

7.5CVSS5.8AI score0.00255EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/14 12:0 a.m.4 views

WordPress plugin Civi 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

7.5CVSS8.8AI score0.00255EPSS
Exploits0References4
HackRead
HackRead
added 2025/03/05 9:50 a.m.5 views

LinkedIn Phishing Scam: Fake InMail Messages Spreading ConnectWise Trojan

Cofense uncovers new LinkedIn phishing scam delivering ConnectWise RAT. Learn how attackers bypass security with fake InMail emails…...

7.5AI score
Exploits0
CVE
CVE
added 2025/03/05 9:21 a.m.58 views

CVE-2025-1515

CVE-2025-1515 affects the WordPress plugin WP Real Estate Manager (versions up to and including 2.8). The root cause is insufficient identity verification in the LinkedIn login flow , enabling an unauthenticated attacker to perform an authentication bypass and log in as any user, including admini...

9.8CVSS7.5AI score0.00514EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/05 9:21 a.m.5 views

CVE-2025-1515 WP Real Estate Manager <= 2.8 - Authentication Bypass via Account Takeover

The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.8. This is due to insufficient identity verification on the LinkedIn login request process. This makes it possible for unauthenticated attackers to bypass official...

9.8CVSS7.5AI score0.00514EPSS
Exploits0References2
Rows per page
Query Builder