CVE-2024-3555

The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to inject arbitrary pages and malicious web scripts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
WordfenceCNA
7.2 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
References
https://plugins.trac.wordpress.org/browser/social-link-pages/trunk/inc/Admin.php#L462
https://www.wordfence.com/threat-intel/vulnerabilities/id/1c025fc0-5dac-4a18-8338-fefb2a1fca5a?source=cve
https://plugins.trac.wordpress.org/browser/social-link-pages/trunk/inc/Admin.php#L462
https://www.wordfence.com/threat-intel/vulnerabilities/id/1c025fc0-5dac-4a18-8338-fefb2a1fca5a?source=cve