The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Metrics
Affected Vendors & Products
References
History
Fri, 23 May 2025 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Flowdee
Flowdee clickwhale |
|
CPEs | cpe:2.3:a:flowdee:clickwhale:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Flowdee
Flowdee clickwhale |
Wed, 29 Jan 2025 03:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |
Title | ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Wordfence
Published: 2025-01-29T03:21:23.753Z
Updated: 2025-02-12T19:51:15.237Z
Reserved: 2025-01-28T14:53:15.819Z
Link: CVE-2025-0804

No data.

Status : Analyzed
Published: 2025-01-29T04:15:07.193
Modified: 2025-05-23T15:27:23.890
Link: CVE-2025-0804

No data.