cleantalk
Vulnerabilities and Security Researches

Link Library, CVE-2024-4281

CVE, Research URL

CVE-2024-4281

Home page URL

Security reports for Link Library

Application

Link Library

Published on
May 08, 2024
Research Description
The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'link-library' shortcode in all versions up to, and including, 7.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 7.7.
Status
vulnerable
Previous vulnerability researches
Link Library (CVE-2021-25093) , Jun 07, 2024
Link Library (CVE-2021-25091) , Jun 07, 2024
Link Library (CVE-2021-25092) , Jun 07, 2024
Link Library (CVE-2022-4199) , Jun 07, 2024
Link Library (CVE-2024-1559) , Jun 07, 2024
New vulnerability
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2025-3100) , Apr 09, 2025
3DPrint Lite (CVE-2025-3428) , Apr 09, 2025
3DPrint Lite (CVE-2025-3429) , Apr 09, 2025
3DPrint Lite (CVE-2025-3427) , Apr 09, 2025
3DPrint Lite (CVE-2025-3430) , Apr 09, 2025