5 matches found
CVE-2025-0804
CVE-2025-0804 affects the WordPress plugin “ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages” (versions up to 2.4.1). The vulnerability is a Stored Cross-Site Scripting (XSS) via link titles caused by insufficient input sanitization and output escaping....
CVE-2025-26963
CVE-2025-26963 is a CSRF vulnerability in the WordPress ClickWhale plugin (versions up to and including 2.4.3) that affects the plugin’s settings changes. The CVE entries and Red Hat/NVD/ CVE lists confirm it’s a CSRF to settings change issue affecting ClickWhale and indicate a published fix (Pat...
CVE-2024-51715
CVE-2024-51715 is a SQL injection vulnerability in ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages (ClickWhale plugin for WordPress). Connected sources confirm an authenticated (Contributor+) SQL Injection impact, affecting versions up to 2.4.1 (no n/a...
CVE-2025-47612
CVE-2025-47612 (ClickWhale) is a Missing Authorization vulnerability in the flowdee ClickWhale WordPress plugin (affected: 2.4.6 and earlier). The issue arises from incorrectly configured access control, enabling unauthorized access due to insufficient authorization checks. NVD/vectors indicate a...
CVE-2024-11327
The Connected PATCHSTACK entry confirms CVE-2024-11327 affects the WordPress plugin ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages, with a Reflected Cross-Site Scripting vulnerability caused by insufficient escaping of add_query_arg and remove_query_a...