Link Library
by Unknown
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-4199 | 0.00 | — | 0.00 | Jan 16, 2023 | The Link Library WordPress plugin before 7.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||
| CVE-2021-25093 | 0.00 | — | 0.01 | Feb 1, 2022 | The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request | ||
| CVE-2021-25092 | 0.00 | — | 0.00 | Feb 1, 2022 | The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack | ||
| CVE-2021-25091 | 0.00 | — | 0.00 | Feb 1, 2022 | The Link Library WordPress plugin before 7.2.9 does not sanitise and escape the settingscopy parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting |