PT-2024-26535 · WordPress · The Social Link Pages

Lucio Sá · Published 2024-06-03 · Updated 2024-06-07 · CVE-2024-3555

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress, versions up to and including 1.6.9

Description

The import_link_pages() function is missing a capability check, which allows unauthenticated attackers to inject arbitrary pages and malicious web scripts. This enables unauthorized access to the system.

Recommendations

For versions up to and including 1.6.9, consider disabling the import_link_pages() function until a patch is available, to prevent unauthorized access and arbitrary page injection. Restrict access to sensitive areas of the plugin to minimize the risk of exploitation. Update to a version later than 1.6.9 when available.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2024-3555

Affected Products

The Social Link Pages