WordPress Plugin Vulnerabilities

WP No External Links 4.2.1-4.2.2 - Backdoored

Description

Even though one of the WP dev removed the malicious code and released version 4.3 (https://plugins.trac.wordpress.org/browser/wp-noexternallinks?rev=1791413), the plugin is still closed for new installs.

Affects Plugins

Plugin icon
wp-noexternallinks
Fixed in 4.3

References

URL
https://www.wordfence.com/blog/2017/12/plugin-backdoor-supply-chain/

Miscellaneous

Submitter
erwanlr
Submitter website
https://wpscan.org
Submitter twitter
erwan_lr
Verified
Yes
WPVDB ID
56aa3c30-1ec0-426b-a25e-48defd124db8

Timeline

Publicly Published
2017-12-28 (about 8 years ago)
Added
2017-12-28 (about 8 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2024-06-25
Title
Various Plugins <= Various Version - Use of Polyfill.io
Published
2026-04-07
Title
Smart Slider 3 Pro 3.5.1.35 - Compromised Plugin
Published
2019-03-29
Title
Pipdig Power Pack < 4.8.0 - Vendor Backdoors & Suspicious Code
Published
2025-07-11
Title
GravityForms 2.9.11.1 / 2.9.12 - Malware Compromise
Published
2014-07-29
Title
Beefbind - BeEF RCE Plugin