elink – Embed Content WordPress Plugin Malicious Redirect Vulnerability
Vulnerability
A vulnerability allowing malicious redirects has been identified in the elink – Embed Content plugin for WordPress, affecting all versions through 1.1.0. The issue arises from insufficient input validation, as the plugin does not restrict the URLs that can be provided through the elink shortcode. This flaw enables authenticated attackers with Contributor-level access or higher to submit an HTML file that can redirect users to a malicious domain.
Impact
Exploitation of this vulnerability could lead to unauthorized redirection of users to malicious websites.
Remediation
No known patch is available. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.
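With no patch available, one way to check whether the flaw has already been abused is to audit stored post content for elink shortcodes whose URLs point at hosts the site does not trust. The script below is an added example, not part of the original advisory or the plugin's code; the allowlist, the row layout, and the attribute names in the sample data are assumptions, and the scanner extracts any URL inside the tag without relying on attribute names.

```python
import re
from urllib.parse import urlsplit

# Hosts the site owner accepts as embed sources (assumption; adjust per site).
ALLOWED_HOSTS = {"example.org"}

# Opening [elink ...] tag; the plugin's attribute names are not assumed.
SHORTCODE_RE = re.compile(r"\[elink\b([^\]]*)\]", re.IGNORECASE)
# Any absolute or protocol-relative URL among the tag's attributes.
URL_RE = re.compile(r"""(?:https?:)?//[^\s"'\]]+""", re.IGNORECASE)


def host_allowed(url, allowed=ALLOWED_HOSTS):
    """True only if the URL's host is an allowed host or a subdomain of one."""
    if url.startswith("//"):
        url = "https:" + url
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed authority: treat as untrusted
        return False
    return any(host == h or host.endswith("." + h) for h in allowed)


def audit_posts(posts, allowed=ALLOWED_HOSTS):
    """Return (post_id, author_role, url) for each elink URL on an unlisted host.

    `posts` is an iterable of dicts with id, author_role and content keys,
    for example rows exported from wp_posts joined with the author's role.
    """
    findings = []
    for post in posts:
        for tag in SHORTCODE_RE.finditer(post["content"]):
            for url in URL_RE.findall(tag.group(1)):
                if not host_allowed(url, allowed):
                    findings.append((post["id"], post["author_role"], url))
    return findings


# Constructed sample rows; attribute names are placeholders, not the plugin's.
SAMPLE_POSTS = [
    {"id": 1, "author_role": "editor",
     "content": 'Intro [elink url="https://docs.example.org/page.html"] text'},
    {"id": 2, "author_role": "contributor",
     "content": '[elink link="https://example.org.untrusted.test/r.html"]'},
    {"id": 3, "author_role": "contributor",
     "content": "[elink src=//untrusted.test/embed.html] trailing text"},
]

if __name__ == "__main__":
    for finding in audit_posts(SAMPLE_POSTS):
        print(finding)
```

Findings from Contributor-authored posts deserve priority review, since that is the lowest role the advisory names as able to exploit the shortcode.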
