WordPress Plugin Vulnerabilities

RDP Linkedin Login <= 1.7.0 - Reflected Cross-Site Scripting

Description

The RDP Linkedin Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Affects Plugins

Plugin icon
rdp-linkedin-login
No known fix

References

CVE
CVE-2025-23542
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/0a0314ab-4658-48c4-9a90-48a19cbceeaa

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
João Pedro Soares de Alcântara
Verified
No
WPVDB ID
016c1644-afe1-411b-b701-4f993bc9135f

Timeline

Publicly Published
2025-03-18 (about 11 months ago)
Added
2025-03-25 (about 11 months ago)
Last Updated
2025-03-25 (about 11 months ago)

Other

Published
Title
Published
2025-10-12
Title
TheGem Theme Elements (for Elementor) < 5.10.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-05-09
Title
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) < 1.5.103 - Reflected Cross-Site Scripting
Published
2021-07-29
Title
Alojapro Widget < 1.1.16 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2025-04-17
Title
Login Manager – Design Login Page, View Login Activity, Limit Login Attempts <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom URL
Published
2025-05-07
Title
N360 | Splash Screen < 1.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting