12 Apr 2016

Reflected Cross-Site Scripting (XSS) Vulnerability in Pretty Link Lite

We recently discovered the Pretty Link Lite plugin had a reflected cross-site scripting (XSS) vulnerability. In version 1.6.8, and some prior versions, the file /classes/views/shared/link-table-nav.php was echoing a GET variable without escaping it. That occurred on line 17:

<a class='prev page-numbers' href='?page=<?php echo esc_html($_REQUEST['page'].$page_params); ?>&paged=<?php echo ($current_page-1); ?>&size=<?php echo $_REQUEST['size']; ?>'>&laquo;</a>

line 31: [Read more]
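The pattern on line 17, next to an escaped form, as an added example that is not the plugin's code or its actual fix. It runs outside WordPress, so `htmlspecialchars()` stands in for `esc_html()`; the function names and the request values are constructed for illustration, and `$page_params` is left out.

```php
<?php
// Added example, not code from Pretty Link Lite. Function names are hypothetical.

// Same shape as line 17: 'page' is escaped, 'size' is echoed raw into a
// single-quoted href attribute.
function nav_link_unescaped(array $request, int $current_page): string
{
    return "<a class='prev page-numbers' href='?page="
        . htmlspecialchars($request['page'], ENT_QUOTES, 'UTF-8')
        . "&paged=" . ($current_page - 1)
        . "&size=" . $request['size']
        . "'>&laquo;</a>";
}

// Escaped form: URL-encode each value for the query string, then escape the
// whole string for the attribute context. ENT_QUOTES matters because the
// attribute is delimited by single quotes.
function nav_link_escaped(array $request, int $current_page): string
{
    $query = http_build_query([
        'page'  => (string) ($request['page'] ?? ''),
        'paged' => $current_page - 1,
        'size'  => (string) ($request['size'] ?? ''),
    ]);
    return "<a class='prev page-numbers' href='?"
        . htmlspecialchars($query, ENT_QUOTES, 'UTF-8')
        . "'>&laquo;</a>";
}

// Constructed request: 'size' carries a single quote, the attribute delimiter.
$request = ['page' => 'example-page', 'size' => "10' data-x='1"];

$raw  = nav_link_unescaped($request, 3);
$safe = nav_link_escaped($request, 3);

// A well-formed link has exactly four single quotes (class='…' href='…').
// More than four means request data closed the href attribute early.
foreach (['unescaped' => $raw, 'escaped' => $safe] as $label => $html) {
    $quotes = substr_count($html, "'");
    printf("%-9s quotes=%d %s\n  %s\n", $label, $quotes,
        $quotes === 4 ? 'attribute intact' : 'attribute broken by input', $html);
}
```

Inside WordPress the equivalent output helpers are `esc_attr()` for attribute values and `absint()` where the value is expected to be a non-negative integer.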