Aggregates CVE and security vulnerability intelligence across all k-78-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk cross-site scripting and vendor risk sql injection; exposure may include vendor impact session compromise and vendor impact data exposure in vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2015-9468 | The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action. | [email protected] | 6.1 | 0.19% | 2019-10-10 | 2024-11-21 |
| CVE-2015-9467 | The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter. | [email protected] | 9.8 | 0.66% | 2019-10-10 | 2024-11-21 |
| CVE-2015-9453 | The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist. | [email protected] | 6.1 | 0.33% | 2019-10-07 | 2024-11-21 |