Linksoftwarellc
Products
3- 5 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-32495 | Hig | 0.49 | 7.5 | 0.00 | Mar 25, 2026 | Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through <= 2.10.0. | ||
| CVE-2025-31080 | Hig | 0.46 | 7.1 | 0.00 | Apr 1, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms html-forms allows Stored XSS.This issue affects HTML Forms: from n/a through <= 1.5.1. | ||
| CVE-2024-56060 | Hig | 0.46 | 7.1 | 0.00 | Jan 2, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms html-forms allows Reflected XSS.This issue affects HTML Forms: from n/a through <= 1.4.1. | ||
| CVE-2025-46236 | Med | 0.42 | 6.5 | 0.00 | Apr 22, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms html-forms allows Stored XSS.This issue affects HTML Forms: from n/a through <= 1.5.2. | ||
| CVE-2023-50836 | Med | 0.38 | 5.9 | 0.00 | Dec 28, 2023 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibericode HTML Forms allows Stored XSS.This issue affects HTML Forms: from n/a through 1.3.28. | ||
| CVE-2023-52128 | Med | 0.28 | 4.3 | 0.00 | Jan 5, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard.This issue affects White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard: from n/a through 2.9.0. | ||
| CVE-2024-6243 | 0.00 | — | 0.00 | Jul 22, 2024 | The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled. | |||
| CVE-2023-24006 | 0.00 | — | 0.00 | Apr 6, 2023 | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Link Software LLC WP Terms Popup plugin <= 2.6.0 versions. |
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through <= 2.10.0.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms html-forms allows Stored XSS.This issue affects HTML Forms: from n/a through <= 1.5.1.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms html-forms allows Reflected XSS.This issue affects HTML Forms: from n/a through <= 1.4.1.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms html-forms allows Stored XSS.This issue affects HTML Forms: from n/a through <= 1.5.2.
- risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibericode HTML Forms allows Stored XSS.This issue affects HTML Forms: from n/a through 1.3.28.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard.This issue affects White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard: from n/a through 2.9.0.
- CVE-2024-6243Jul 22, 2024risk 0.00cvss —epss 0.00
The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled.
- CVE-2023-24006Apr 6, 2023risk 0.00cvss —epss 0.00
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Link Software LLC WP Terms Popup plugin <= 2.6.0 versions.