CVE-2024-11327

Medium CVSS: 6.1

The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Vendor

Flowdee

Product

Clickwhale

CWE

CWE-79

Yayın Tarihi

2025-01-11 03:15:19

Güncelleme

2025-06-05 15:19:23

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-79 Clickwhale MEDIUM Flowdee 2025

Referanslar

https://plugins.trac.wordpress.org/browser/clickwhale/tags/2.3.0/includes/admin/links/Clickwhale_Links_List_Table.php#L384 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3219341%40clickwhale&new=3219341%40clickwhale&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/96c5836f-6d33-4a56-b30b-5e5d95b81b6b?source=cve

Benzer Kayıtlar

High

CVE-2025-47612

Missing Authorization vulnerability in ClickWhale ClickWhale clickwhale allows Exploiting Incorrectly Configured Access…

High

CVE-2025-26963

Cross-Site Request Forgery (CSRF) vulnerability in ClickWhale ClickWhale clickwhale allows Cross Site Request Forgery.Th…

Medium

CVE-2025-0804

The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is…

Unknown

CVE-2024-51715

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickWhale ClickWh…