Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
links vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-4482
The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor ...
Michaeluno Auto Amazon Links
5.4
CVSSv3
CVE-2023-0375
The Easy Affiliate Links WordPress plugin prior to 3.7.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripti...
Bootstrapped Easy Affiliate Links
8.8
CVSSv3
CVE-2023-47651
Cross-Site Request Forgery (CSRF) vulnerability in Robert Macchi WP Links Page.This issue affects WP Links Page: from n/a up to and including 4.9.4.
Wplinkspage Wp Links Page
6.1
CVSSv3
CVE-2023-47652
Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links allows Stored XSS.This issue affects Auto Affiliate Links: from n/a up to and including 6.4.2.4.
Autoaffiliatelinks Auto Affiliate Links
8.8
CVSSv3
CVE-2023-25973
Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3.0.2 versions.
Autoaffiliatelinks Auto Affiliate Links
NA
CVE-2006-0067
SQL injection vulnerability in login.php in VEGO Links Builder 2.00 and previous versions allows remote malicious users to execute arbitrary SQL commands via the username parameter.
Vego Vego Links Builder
NA
CVE-2006-6147
Multiple SQL injection vulnerabilities in JiRos Links Manager allow remote malicious users to execute arbitrary SQL commands via the (1) LinkID parameter to openlink.asp or the (2) CategoryID parameter to viewlinks.asp.
Jiros Links Manager 1.0
2 EDB exploits
5.4
CVSSv3
CVE-2023-22696
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Custom4Web Affiliate Links Lite plugin <= 2.5 versions.
Custom4web Affiliate Links Lite
NA
CVE-2008-0879
SQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote malicious users to execute arbitrary SQL commands via the cid parameter in a viewlink action.
Phpnuke Web Links Module
1 EDB exploit
NA
CVE-2006-6148
Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp in JiRos Links Manager allow remote malicious users to inject arbitrary web script or HTML via the (1) lName, (2) lURL, (3) lImage, and (4) lDescription parameters. NOTE: some of these details are obtained from...
Jiros Links Manager 1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »