Vulnerabilities and security researches forwp-links-page wp-links-page

Nov 10, 2025

CVE, Research URL: CVE-2025-10175
Home page URL: Security reports for WP Links Page
Application: WP Links Page
Date: Oct 11, 2025
Research Description: The WP Links Page plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 4.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 4.9.6.
Status: vulnerable

Jul 25, 2025

CVE, Research URL: CVE-2025-30998
Home page URL: Security reports for WP Links Page
Application: WP Links Page
Date: Aug 14, 2025
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rico Macchi WP Links Page allows SQL Injection. This issue affects WP Links Page: from n/a through 4.9.6.
Affected versions: max 4.9.6.
Status: vulnerable

Jul 14, 2024

CVE, Research URL: CVE-2024-6465
Home page URL: Security reports for WP Links Page
Application: WP Links Page
Date: Jul 13, 2024
Research Description: The WP Links Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wplf_ajax_update_screenshots' function in all versions up to, and including, 4.9.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to regenerate the link's thumbnail image.
Affected versions: max 4.9.6.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: CVE-2023-47651
Home page URL: Security reports for WP Links Page
Application: WP Links Page
Date: Nov 19, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Robert Macchi WP Links Page.This issue affects WP Links Page: from n/a through 4.9.4.
Affected versions: max 4.9.5.
Status: vulnerable

CVE, Research URL: CVE-2023-22720
Home page URL: Security reports for WP Links Page
Application: WP Links Page
Date: May 11, 2023
Research Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robert Macchi WP Links Page plugin <= 4.9.3 versions.
Affected versions: max 4.9.4.
Status: vulnerable