Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin 2.1.10

  • Severity: high-risk
  • Status: Fixed
  • Publication: June 19, 2019

The Pretty Links plugin for WordPress contains a security vulnerability which could be exploited by an unauthenticated attacker. This vulnerability is present in versions up to and including 2.1.9. Attackers could inject malicious web scripts into pages, which will execute whenever a user accesses one of these pages. This is possible due to insufficient input sanitization and output escaping in the track_link function, via various IP headers and the referer header.

Detected in:

Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin fixed vulnerable versions: >= * < 2.1.10
PrettyLinks – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin fixed vulnerable versions:
PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and fixed vulnerable versions:
PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.