cleantalk
Vulnerabilities and Security Researches

elink – Embed Content, CVE-2025-7507

CVE, Research URL

CVE-2025-7507

Home page URL

Security reports for elink – Embed Content

Application

elink – Embed Content

Published on
Aug 15, 2025
Research Description
The elink – Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all versions up to, and including, 1.1.0. This is due to the plugin not restricting URLS that can be supplied through the elink shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to supply an HTML file that can be leverged to redirect users to a malicious domain.
Affected versions
Min -, max 1.1.0.
Status
vulnerable
Previous vulnerability researches
Hello Elementor (CVE-2024-31289) , Jun 10, 2024
New vulnerability
B Slider – Slider for your block editor (CVE-2025-8676) , Aug 16, 2025
B Slider – Slider for your block editor (CVE-2025-8680) , Aug 16, 2025
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress (CVE-2025-55708) , Aug 16, 2025
WP Voting (CVE-2025-49057) , Aug 16, 2025
Simplified Plugin (CVE-2025-53241) , Aug 16, 2025