Description

WordPress Plugin WP No External Links is injecting spam into the website's content, thus publicizing content to normal site visitors or to search engines without the authorization of the website's owner. WordPress Plugin WP No External Links version 4.2.2 is vulnerable; prior versions may also be affected.

Remediation

Disable the plugin until a fix is available

References

https://www.wordfence.com/blog/2017/12/plugin-backdoor-supply-chain/

Related Vulnerabilities

WordPress Plugin Learning Courses Privilege Escalation (4.7)

Oracle Database Server CVE-2018-2841 Vulnerability (CVE-2018-2841)

WordPress Plugin Image Gallery with Slideshow 'upload-file.php' Arbitrary File Upload (1.5)

MySQL CVE-2015-4816 Vulnerability (CVE-2015-4816)

MediaWiki CVE-2012-4885 Vulnerability (CVE-2012-4885)

Severity

High

Classification

CWE-610 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update