Stored XSS Vulnerability in Leenkme Plugin for WordPress
CVE-2016-10988

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Leenk.me
Vendor
CVE Published:
17 September 2019

Summary

The Leenkme plugin for WordPress, prior to version 2.6.0, contains a stored Cross-Site Scripting (XSS) vulnerability. This issue arises from how the plugin handles user input related to facebook_message, facebook_linkname, facebook_caption, facebook_description, default_image, and _wp_http_referer, allowing attackers to inject malicious scripts. These scripts could then be executed in the context of users visiting the compromised site, potentially leading to exposure of sensitive information, account hijacking, or other malicious activities.

References

https://wpvulndb.com/vulnerabilities/8457
x_refsource_MISC
https://wordpress.org/plugins/leenkme/#developers
x_refsource_MISC
https://www.openwall.com/lists/oss-security/2016/04/16/4
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.