Description

WordPress Plugin WP No External Links is injecting spam into the website's content, thus publicizing content to normal site visitors or to search engines without the authorization of the website's owner. WordPress Plugin WP No External Links version 4.2.2 is vulnerable; prior versions may also be affected.

Remediation

Disable the plugin until a fix is available

References

https://www.wordfence.com/blog/2017/12/plugin-backdoor-supply-chain/

Related Vulnerabilities

WordPress Plugin Popups, Welcome Bar, Optins and Lead Generation-Icegram Cross-Site Scripting (2.0.4)

Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35955)

PostgreSQL Numeric Errors Vulnerability (CVE-2014-2669)

WordPress Plugin Kama Click Counter Cross-Site Scripting (3.4.9)

Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.5)

Severity

High

Classification

CWE-610 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update