Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Simple_urls
(Getlasso)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 5 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-02-13 | CVE-2023-0099 | The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | Simple_urls | 6.1 | ||
| 2023-11-30 | CVE-2023-40674 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lasso Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management allows Stored XSS.This issue affects Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management: from n/a through 118. | Simple_urls | 5.4 | ||
| 2023-02-13 | CVE-2023-0098 | The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL injection exploitable by low privilege users such as subscriber. | Simple_urls | 8.8 | ||
| 2023-10-16 | CVE-2023-45606 | Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs plugin <= 120 versions. | Simple_urls | 8.8 | ||
| 2023-09-27 | CVE-2023-40667 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lasso Simple URLs plugin <= 117 versions. | Simple_urls | 6.1 |