Ylefebvre

ylefebvre

17 CVEs • 3 products

Products (3)

Click to collapse

Toggle

Bilingual Linker

bilingual_linker

CVEs (17)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-46237 1Ylefebvre 1Link Library Jun 17, 2026 Apr 22, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library link-library allows Stored XSS.This issue affects Link Library: from n/a through <= 7.8.
CVE-2024-13441 1Ylefebvre 1Bilingual Linker Jun 17, 2026 Jan 25, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Bilingual Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bl_otherlang_link_1 parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output esc...Show more The Bilingual Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bl_otherlang_link_1 parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2024-13404 1Ylefebvre 1Link Library Jun 17, 2026 Jan 21, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchll' parameter in all versions up to, and including, 7.7.2 due to insufficient input sanitization and output escaping. T...Show more The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchll' parameter in all versions up to, and including, 7.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.Show less
CVE-2024-38711 1Ylefebvre 1Link Library Jun 17, 2026 Jul 20, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This issue affects Link Library: from n/a through 7.7.1.
CVE-2024-35687 1Ylefebvre 1Link Library Jun 17, 2026 Jun 8, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library link-library allows Reflected XSS.This issue affects Link Library: from n/a throu...Show more Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library link-library allows Reflected XSS.This issue affects Link Library: from n/a through 7.6.3.Show less
CVE-2024-4281 1Ylefebvre 1Link Library Jun 17, 2026 May 8, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'link-library' shortcode in all versions up to, and including, 7.6.11 due to insufficient input sanitization and output...Show more The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'link-library' shortcode in all versions up to, and including, 7.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2024-2325 1Ylefebvre 1Link Library Jun 17, 2026 Apr 9, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchll parameter in all versions up to, and including, 7.6.6 due to insufficient input sanitization and output escaping. Thi...Show more The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchll parameter in all versions up to, and including, 7.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.Show less
CVE-2024-29123 1Ylefebvre 1Link Library Jun 17, 2026 Mar 19, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This issue affects Link Library: from n/a through 7.6.
CVE-2024-1559 1Ylefebvre 1Link Library Jun 17, 2026 Feb 20, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_reciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. T...Show more The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_reciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2024-24875 1Ylefebvre 1Link Library Jun 17, 2026 Feb 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefebvre Link Library.This issue affects Link Library: from n/a through 7.5.13.
CVE-2024-24879 1Ylefebvre 1Link Library Jun 17, 2026 Feb 8, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This issue affects Link Library: from n/a through 7.5.13.
CVE-2023-31071 1Ylefebvre 1Modal Dialog Jun 17, 2026 Aug 17, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin <= 3.5.14 versions.
CVE-2023-24001 2Modal Dialog Project Ylefebvre 2Modal Dialog Modal Dialog Jun 17, 2026 Apr 6, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin <= 3.5.9 versions.
CVE-2022-4199 1Ylefebvre 1Link Library Jun 17, 2026 Jan 16, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Link Library WordPress plugin before 7.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilter...Show more The Link Library WordPress plugin before 7.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2021-25093 1Ylefebvre 1Link Library Jun 17, 2026 Feb 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request
CVE-2021-25092 1Ylefebvre 1Link Library Jun 17, 2026 Feb 1, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack
CVE-2021-25091 1Ylefebvre 1Link Library Jun 17, 2026 Feb 1, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Link Library WordPress plugin before 7.2.9 does not sanitise and escape the settingscopy parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting