842 matches found
LinkedIn: Previous commentor on post can still comment even after comment permission is changed to disabled
A logic error existed in the comment permission system that allowed users who had previously commented on a post to continue posting additional comments even after the post owner disabled commenting functionality. The vulnerability occurred when an account created a post with comments enabled,...
Crypto Developers Targeted by Python Malware Disguised as Coding Challenges
The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment. The activity has been attributed by Palo Alto Networks Unit 42 t...
LinkedIn: HTML Injection in LinkedIn Premium Support Chat
The vulnerability exists in the LinkedIn Premium support chat interface where unsanitized HTML input was rendered directly in the chat window. An attacker could have exploited this by injecting malicious HTML such as clickable links, potentially leading to phishing or redirection attacks on...
CVE-2025-23937
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Alex Furr LinkedIn Lite linkedin-lite allows PHP Local File Inclusion.This issue affects LinkedIn Lite: from n/a through = 1.0...
CVE-2025-23542
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Robert D Payne RDP Linkedin Login rdp-linkedin-login allows Reflected XSS.This issue affects RDP Linkedin Login: from n/a through = 1.7.0...
CVE-2025-23937
CVE-2025-23937 is a Local File Inclusion (LFI) vulnerability in the WordPress plugin LinkedIn Lite (versions
CVE-2025-23937 WordPress LinkedIn Lite Plugin <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Alex Furr LinkedIn Lite linkedin-lite allows PHP Local File Inclusion.This issue affects LinkedIn Lite: from n/a through = 1.0...
CVE-2025-23937 WordPress LinkedIn Lite Plugin <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Alex Furr LinkedIn Lite linkedin-lite allows PHP Local File Inclusion.This issue affects LinkedIn Lite: from n/a through = 1.0...
CVE-2025-23542 WordPress RDP Linkedin Login plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Robert D Payne RDP Linkedin Login rdp-linkedin-login allows Reflected XSS.This issue affects RDP Linkedin Login: from n/a through = 1.7.0...
CVE-2025-23542 WordPress RDP Linkedin Login plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Robert D Payne RDP Linkedin Login allows Reflected XSS. This issue affects RDP Linkedin Login: from n/a through 1.7.0...
CVE-2025-23542
CVE-2025-23542 is a reflected XSS in the WordPress plugin RDP Linkedin Login (vendor: WordPress plugin, affected: versions up to 1.7.0). The NVD/Red Hat and CVE enrichment confirm the flaw stems from improper input neutralization during web page generation, enabling reflected XSS. CVSSv3.1 base s...
WordPress plugin LinkedIn Lite 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin RDP Linkedin Login 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress RDP Linkedin Login plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin RDP Linkedin Login versions = 1.7.0...
WordPress LinkedIn Lite Plugin <= 1.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin LinkedIn Lite versions = 1.0...
CVE-2024-13773
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including Linked...
WordPress plugin Civi 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
LinkedIn Phishing Scam: Fake InMail Messages Spreading ConnectWise Trojan
Cofense uncovers new LinkedIn phishing scam delivering ConnectWise RAT. Learn how attackers bypass security with fake InMail emails…...
CVE-2025-1515
CVE-2025-1515 affects the WordPress plugin WP Real Estate Manager (versions up to and including 2.8). The root cause is insufficient identity verification in the LinkedIn login flow , enabling an unauthenticated attacker to perform an authentication bypass and log in as any user, including admini...
CVE-2025-1515 WP Real Estate Manager <= 2.8 - Authentication Bypass via Account Takeover
The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.8. This is due to insufficient identity verification on the LinkedIn login request process. This makes it possible for unauthenticated attackers to bypass official...