CVE-2022-4199
- EPSS 0.07%
- Published 16.01.2023 16:15:11
- Last modified 21.11.2024 07:34:46
The Link Library WordPress plugin before 7.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallow...
CVE-2021-25091
- EPSS 0.21%
- Published 01.02.2022 13:15:09
- Last modified 21.11.2024 05:54:20
The Link Library WordPress plugin before 7.2.9 does not sanitise and escape the settingscopy parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
CVE-2021-25092
- EPSS 0.1%
- Published 01.02.2022 13:15:09
- Last modified 21.11.2024 05:54:20
The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack
CVE-2021-25093
- EPSS 0.47%
- Published 01.02.2022 13:15:09
- Last modified 21.11.2024 05:54:20
The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request