WordPress Plugin Vulnerabilities

WP No External Links <= 3.5.18 – Authenticated Cross-Site Scripting (XSS)

Description

The wp-noexternallinks WordPress plugin was affected by security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
wp-noexternallinks
Fixed in 3.5.19

References

CVE
CVE-2017-15863
URL
http://defensecode.com/advisories/DC-2017-01-022_WordPress_No_External_Links_Plugin_Advisory.pdf

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
Neven Biruski
Submitter website
http://www.defensecode.com
Submitter twitter
https://twitter.com/DefenseCode/
Verified
No
WPVDB ID
f3a1afa2-f4d4-4460-ae9d-1331be7fd0a5

Timeline

Publicly Published
2017-05-31 (about 8 years ago)
Added
2017-06-01 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-10-15
Title
Custom Add to Cart Button Label and Link <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-10-31
Title
wpDiscuz < 7.6.12 - Unauthenticated Stored XSS
Published
2024-08-07
Title
ParcelPanel < 4.3.3 - Reflected Cross-Site Scripting
Published
2023-07-10
Title
Short URL < 1.6.5 - Admin+ Cross Site Scripting
Published
2023-05-15
Title
WooCommerce Brands < 1.6.46 - Contributor+ Stored XSS