Vulnerabilites related to caseproof - prettylinks
Vulnerability from fkie_nvd
Published
2020-01-10 14:15
Modified
2025-02-13 16:11
Severity ?
Summary
Pretty-Link WordPress plugin 1.5.2 has XSS
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://wordpress.org/support/topic/plugin-pretty-link-lite-152-xss-vulnerability/ | Third Party Advisory | |
| secalert@redhat.com | https://www.openwall.com/lists/oss-security/2011/12/08/5 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wordpress.org/support/topic/plugin-pretty-link-lite-152-xss-vulnerability/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2011/12/08/5 | Exploit, Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| caseproof | prettylinks | 1.5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:caseproof:prettylinks:1.5.2:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "F4EB0693-AD62-4850-9712-5F9A8384A138",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pretty-Link WordPress plugin 1.5.2 has XSS"
},
{
"lang": "es",
"value": "El plugin Pretty-Link versi\u00f3n 1.5.2 para WordPress, tiene una vulnerabilidad de tipo XSS."
}
],
"id": "CVE-2011-4595",
"lastModified": "2025-02-13T16:11:58.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-10T14:15:09.950",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://wordpress.org/support/topic/plugin-pretty-link-lite-152-xss-vulnerability/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2011/12/08/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wordpress.org/support/topic/plugin-pretty-link-lite-152-xss-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2011/12/08/5"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-10 16:15
Modified
2025-02-13 16:11
Severity ?
Summary
The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://cinu.pl/research/wp-plugins/mail_9ca443a3759e5c7fd889ae0e02e044e6.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://wordpress.org/plugins/pretty-link/#developers | Release Notes | |
| cve@mitre.org | https://wpvulndb.com/vulnerabilities/8249 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://cinu.pl/research/wp-plugins/mail_9ca443a3759e5c7fd889ae0e02e044e6.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wordpress.org/plugins/pretty-link/#developers | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpvulndb.com/vulnerabilities/8249 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| caseproof | prettylinks | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:caseproof:prettylinks:*:*:*:*:free:*:*:*",
"matchCriteriaId": "46780791-D64C-407D-BE90-EF0B259A5170",
"versionEndExcluding": "1.6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter."
},
{
"lang": "es",
"value": "El plugin pretty-link versiones anteriores a 1.6.8 para WordPress, presenta una inyecci\u00f3n SQL de la funci\u00f3n PrliLinksController::list_links por medio del par\u00e1metro group."
}
],
"id": "CVE-2015-9457",
"lastModified": "2025-02-13T16:11:58.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-10T16:15:10.940",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://cinu.pl/research/wp-plugins/mail_9ca443a3759e5c7fd889ae0e02e044e6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://wordpress.org/plugins/pretty-link/#developers"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/8249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://cinu.pl/research/wp-plugins/mail_9ca443a3759e5c7fd889ae0e02e044e6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://wordpress.org/plugins/pretty-link/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/8249"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-23 04:15
Modified
2025-02-13 16:32
Severity ?
Summary
The Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's configuration including stripe integration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| caseproof | prettylinks | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:caseproof:prettylinks:*:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "6842B1E1-1B7B-4499-A833-EBFDEC4F19AF",
"versionEndIncluding": "3.6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Pretty Links \u2013 Affiliate Links, Link Branding, Link Tracking \u0026 Marketing Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin\u0027s configuration including stripe integration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Pretty Links \u2013 Affiliate Links, Link Branding, Link Tracking \u0026amp; Marketing Plugin para WordPress es vulnerable a cross-site request forgery en todas las versiones hasta la 3.6.3 incluida. Esto se debe a que falta una validaci\u00f3n nonce o es incorrecta al guardar la configuraci\u00f3n del complemento. Esto hace posible que atacantes no autenticados cambien la configuraci\u00f3n del complemento, incluida la integraci\u00f3n de franjas, a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"id": "CVE-2024-2326",
"lastModified": "2025-02-13T16:32:17.897",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@wordfence.com",
"type": "Secondary"
}
]
},
"published": "2024-03-23T04:15:08.757",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3049386%40pretty-link\u0026new=3049386%40pretty-link\u0026sfp_email=\u0026sfph_mail="
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97d78b4b-568e-43e7-bebf-091179c321f6?source=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3049386%40pretty-link\u0026new=3049386%40pretty-link\u0026sfp_email=\u0026sfph_mail="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97d78b4b-568e-43e7-bebf-091179c321f6?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-12 14:55
Modified
2025-02-13 16:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:caseproof:prettylinks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B2E67D-328E-464E-9515-11CCA4981683",
"versionEndIncluding": "1.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:caseproof:prettylinks:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DC8B0DD-82DA-4E41-A4B1-B3B80AF1C920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:caseproof:prettylinks:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F7FED3-B2CC-45A3-B681-6C8CB4A49A50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joobi:com_jnews:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD0BA68-0C46-490D-A823-4FE036CE2A65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:civicrm:civicrm:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB2849E-075B-4527-BC0C-16F8995FEB01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D90C3D94-A671-4DDF-9EA9-2E566074C331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "120AFFD9-0A07-454F-BA0E-BA15483FA67F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC97E96B-60C6-4E60-AFB1-0CF80E8374F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E77401-E9FB-4749-AC53-2FDCBFEEE735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1D50DEDE-0270-444B-8305-4A6A40460A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "500B70AA-A2C7-4D09-A0C7-204D9AD7DAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FEEF5DEB-7695-4F98-8BC9-42220C8AD84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "933C9C9F-8688-42CD-A2D1-905D75356741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "022E4D21-2495-4811-A5CB-E25109A5775C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "439DEFCA-A232-4C2D-AB74-99A39965B15A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5138B28C-EB4E-424F-9917-1E958BCF88FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D8E402-A368-4A18-9655-E137DAC3E847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3DF0E728-E3EB-46CC-80D2-8BE48095DF73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB4A1BA-9414-4953-BD13-5439020022C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9A48C77-41A4-4991-A0A4-622BB0AE2474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C58952C9-A419-43C1-8E3E-230DCFC3497A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6B935BAA-681C-4E4C-A40E-65C3AD8EF17F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CF9D3805-A64D-4F33-847C-391225BD4EFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0743EE73-C87F-4D3D-9542-2F640A99E630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2119DA-2E27-4FA5-9C7D-698A3E9A524A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C684AD9B-7BEE-410B-AA1F-C1C4C002BB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "888273E2-F272-4445-985F-CB9C6F02716B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D4F4746C-7656-43AD-B14B-66D72E9BA7A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0AADD5-E0B7-4626-A35E-C37FD3A74306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E932CC-5C45-4E7A-A526-EA8F9E853F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "760B8B8D-E42E-410E-BFEC-A2B90BAA57FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8C5031-3ABA-4C0A-BFDE-DAA531D8E3CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8CBF12E-640F-4752-8F52-B5B3D4015FC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A22C3AE-2E98-465C-B24C-725BEB99E943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "21DDDCA1-78A1-4FFB-B180-7D0D20FE4FDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8C5B0394-3C38-454F-BF55-82AADCDEBE9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4F3D157E-9132-4EA9-A395-6E46C4C3C032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "33E5813B-160F-48B2-91B2-4599048028A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6A767A-D530-479B-9E3B-6FB49FD0B8FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8D80D5F9-B4D9-41C9-B157-3FE31B54EDBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:4.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1647D812-6174-4613-B57B-8BEF5C3877C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "074C6767-AC29-4A80-8A51-16DD69BFEAA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE6A4EB0-3143-41AF-B4CF-26C736BEF2A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8BBCB1-99D0-4634-BAD6-495B9D040A4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:civicrm:civicrm:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC01A92-9252-4184-B11A-39D077E761C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en open-flash-chart.swf en Open Flash Chart (tambi\u00e9n conocido como Open-Flash Chart), utilizado en el plugin Pretty Link Lite anterior a 1.6.3 para WordPress, el componente 8.0.1 de JNews (com_jnews) para Joomla! y CiviCRM 3.1.0 hasta 4.2.9 y 4.3.0 hasta 4.3.3, permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del par\u00e1metro get-data."
}
],
"id": "CVE-2013-1636",
"lastModified": "2025-02-13T16:03:03.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-12T14:55:26.600",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0101.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/90435"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/120433/WordPress-Pretty-Link-1.6.3-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/121623/Joomla-Jnews-8.0.1-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"url": "http://wordpress.org/plugins/pretty-link/changelog"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://civicrm.org/advisory/civi-sa-2013-002-openflashchart-xss"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0101.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/90435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/120433/WordPress-Pretty-Link-1.6.3-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/121623/Joomla-Jnews-8.0.1-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wordpress.org/plugins/pretty-link/changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://civicrm.org/advisory/civi-sa-2013-002-openflashchart-xss"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82242"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2024-2326
Vulnerability from cvelistv5
Published
2024-03-23 03:33
Modified
2024-08-01 19:11
Severity ?
EPSS score ?
Summary
The Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's configuration including stripe integration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| supercleanse | Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin |
Version: * ≤ 3.6.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-25T17:02:58.448590Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:30:01.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97d78b4b-568e-43e7-bebf-091179c321f6?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3049386%40pretty-link\u0026new=3049386%40pretty-link\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pretty Links \u2013 Affiliate Links, Link Branding, Link Tracking \u0026 Marketing Plugin",
"vendor": "supercleanse",
"versions": [
{
"lessThanOrEqual": "3.6.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Craig Smith"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Pretty Links \u2013 Affiliate Links, Link Branding, Link Tracking \u0026 Marketing Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin\u0027s configuration including stripe integration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-23T03:33:42.485Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97d78b4b-568e-43e7-bebf-091179c321f6?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3049386%40pretty-link\u0026new=3049386%40pretty-link\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-22T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-2326",
"datePublished": "2024-03-23T03:33:42.485Z",
"dateReserved": "2024-03-08T16:03:08.349Z",
"dateUpdated": "2024-08-01T19:11:53.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4595
Vulnerability from cvelistv5
Published
2020-01-10 13:20
Modified
2024-08-07 00:09
Severity ?
EPSS score ?
Summary
Pretty-Link WordPress plugin 1.5.2 has XSS
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2011/12/08/5 | x_refsource_MISC | |
| https://wordpress.org/support/topic/plugin-pretty-link-lite-152-xss-vulnerability/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pretty-link | pretty-link plugin |
Version: 1.5.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:19.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/12/08/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/support/topic/plugin-pretty-link-lite-152-xss-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pretty-link plugin",
"vendor": "pretty-link",
"versions": [
{
"status": "affected",
"version": "1.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pretty-Link WordPress plugin 1.5.2 has XSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-10T13:20:12",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/12/08/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/support/topic/plugin-pretty-link-lite-152-xss-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pretty-link plugin",
"version": {
"version_data": [
{
"version_value": "1.5.2"
}
]
}
}
]
},
"vendor_name": "pretty-link"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pretty-Link WordPress plugin 1.5.2 has XSS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2011/12/08/5",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/12/08/5"
},
{
"name": "https://wordpress.org/support/topic/plugin-pretty-link-lite-152-xss-vulnerability/",
"refsource": "MISC",
"url": "https://wordpress.org/support/topic/plugin-pretty-link-lite-152-xss-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4595",
"datePublished": "2020-01-10T13:20:12",
"dateReserved": "2011-11-29T00:00:00",
"dateUpdated": "2024-08-07T00:09:19.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1636
Vulnerability from cvelistv5
Published
2014-03-12 14:00
Modified
2024-08-06 15:13
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://wordpress.org/plugins/pretty-link/changelog | x_refsource_MISC | |
| http://packetstormsecurity.com/files/121623/Joomla-Jnews-8.0.1-Cross-Site-Scripting.html | x_refsource_MISC | |
| https://civicrm.org/advisory/civi-sa-2013-002-openflashchart-xss | x_refsource_CONFIRM | |
| http://archives.neohapsis.com/archives/bugtraq/2013-02/0101.html | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/120433/WordPress-Pretty-Link-1.6.3-Cross-Site-Scripting.html | x_refsource_MISC | |
| http://osvdb.org/90435 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/82242 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:31.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wordpress.org/plugins/pretty-link/changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/121623/Joomla-Jnews-8.0.1-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://civicrm.org/advisory/civi-sa-2013-002-openflashchart-xss"
},
{
"name": "20130220 [CVE-2013-1636]Wordpress pretty-link plugin XSS in SWF\u0026#8207;",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0101.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/120433/WordPress-Pretty-Link-1.6.3-Cross-Site-Scripting.html"
},
{
"name": "90435",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/90435"
},
{
"name": "prettylinklite-openflashchart-xss(82242)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82242"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wordpress.org/plugins/pretty-link/changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/121623/Joomla-Jnews-8.0.1-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://civicrm.org/advisory/civi-sa-2013-002-openflashchart-xss"
},
{
"name": "20130220 [CVE-2013-1636]Wordpress pretty-link plugin XSS in SWF\u0026#8207;",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0101.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/120433/WordPress-Pretty-Link-1.6.3-Cross-Site-Scripting.html"
},
{
"name": "90435",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/90435"
},
{
"name": "prettylinklite-openflashchart-xss(82242)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82242"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wordpress.org/plugins/pretty-link/changelog",
"refsource": "MISC",
"url": "http://wordpress.org/plugins/pretty-link/changelog"
},
{
"name": "http://packetstormsecurity.com/files/121623/Joomla-Jnews-8.0.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/121623/Joomla-Jnews-8.0.1-Cross-Site-Scripting.html"
},
{
"name": "https://civicrm.org/advisory/civi-sa-2013-002-openflashchart-xss",
"refsource": "CONFIRM",
"url": "https://civicrm.org/advisory/civi-sa-2013-002-openflashchart-xss"
},
{
"name": "20130220 [CVE-2013-1636]Wordpress pretty-link plugin XSS in SWF\u0026#8207;",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0101.html"
},
{
"name": "http://packetstormsecurity.com/files/120433/WordPress-Pretty-Link-1.6.3-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/120433/WordPress-Pretty-Link-1.6.3-Cross-Site-Scripting.html"
},
{
"name": "90435",
"refsource": "OSVDB",
"url": "http://osvdb.org/90435"
},
{
"name": "prettylinklite-openflashchart-xss(82242)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82242"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1636",
"datePublished": "2014-03-12T14:00:00",
"dateReserved": "2013-02-07T00:00:00",
"dateUpdated": "2024-08-06T15:13:31.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-9457
Vulnerability from cvelistv5
Published
2019-10-10 15:48
Modified
2024-08-06 08:51
Severity ?
EPSS score ?
Summary
The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpvulndb.com/vulnerabilities/8249 | x_refsource_MISC | |
| https://wordpress.org/plugins/pretty-link/#developers | x_refsource_MISC | |
| http://cinu.pl/research/wp-plugins/mail_9ca443a3759e5c7fd889ae0e02e044e6.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:51:05.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/8249"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/pretty-link/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cinu.pl/research/wp-plugins/mail_9ca443a3759e5c7fd889ae0e02e044e6.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-10T15:48:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/8249"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/pretty-link/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cinu.pl/research/wp-plugins/mail_9ca443a3759e5c7fd889ae0e02e044e6.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8249",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8249"
},
{
"name": "https://wordpress.org/plugins/pretty-link/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/pretty-link/#developers"
},
{
"name": "http://cinu.pl/research/wp-plugins/mail_9ca443a3759e5c7fd889ae0e02e044e6.html",
"refsource": "MISC",
"url": "http://cinu.pl/research/wp-plugins/mail_9ca443a3759e5c7fd889ae0e02e044e6.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-9457",
"datePublished": "2019-10-10T15:48:17",
"dateReserved": "2019-10-10T00:00:00",
"dateUpdated": "2024-08-06T08:51:05.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}