The Plugin “Hyperlink Group Block” has a security vulnerability.

  • Warren

    (@rabbitwordpress)


    1 year, 1 month ago

    Type: Plugin Vulnerable

    Issue Found 19th April 2025 9:01 pm Critical

    Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “Hyperlink Group Block” until a patched version is available.

    Description

    The Hyperlink Group Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. References.

    Vulnerability Information: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/hyperlink-group-block/hyperlink-group-block-201-authenticated-contributor-stored-cross-site-scripting

    ————————————–

    Hi there,

    Is a patch for this going to be pushed out soon or should we deactivate and do a workaround alternative?

    Thanks
    Warren

    • This topic was modified 1 year, 1 month ago by Warren.
Viewing 4 replies - 1 through 4 (of 4 total)
Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘The Plugin “Hyperlink Group Block” has a security vulnerability.’ is closed to new replies.