CVE-2025-0804

Medium CVSS: 6.4

The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vendor

Flowdee

Product

Clickwhale

CWE

CWE-79

Yayın Tarihi

2025-01-29 04:15:07

Güncelleme

2025-05-23 15:27:23

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-79 Clickwhale MEDIUM Flowdee 2025

Referanslar

https://plugins.trac.wordpress.org/changeset/3219341/clickwhale/tags/2.4.2/includes/admin/links/Clickwhale_Links_List_Table.php https://www.wordfence.com/threat-intel/vulnerabilities/id/bf41b5e1-610e-4159-9325-f7a694380050?source=cve

Benzer Kayıtlar

High

CVE-2025-47612

Missing Authorization vulnerability in ClickWhale ClickWhale clickwhale allows Exploiting Incorrectly Configured Access…

High

CVE-2025-26963

Cross-Site Request Forgery (CSRF) vulnerability in ClickWhale ClickWhale clickwhale allows Cross Site Request Forgery.Th…

Medium

CVE-2024-11327

The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is…

Unknown

CVE-2024-51715

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickWhale ClickWh…