elink – Embed Content

6.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Description

The elink – Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all versions up to, and including, 1.1.0. This is due to the plugin not restricting URLS that can be supplied through the elink shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to supply an HTML file that can be leverged to redirect users to a malicious domain.

Basic Information

ID CVE-2025-7507

Source Wordfence

Published Aug 15, 2025 at 08:25

Affected Product

Vendor elinkcontent

Product elink – Embed Content

Version *

Affected Versions elinkcontent elink – Embed Content *

CWE Classification

CWE-20

References

{
    "lastseen": "",
    "description": "The elink \u2013 Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all versions up to, and including, 1.1.0. This is due to the plugin not restricting URLS that can be supplied through the elink shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to supply an HTML file that can be leverged to redirect users to a malicious domain.",
    "published": "2025-08-15T08:25:40.562Z",
    "modified": "2025-08-15T08:25:40.562Z",
    "type": "cve",
    "title": "elink \u2013 Embed Content <= 1.1.0 - Authenticated (Contributor+) Insufficient Input Validation",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bda249f7-07a9-47ba-bba4-85abd8f8a207?source=cve\nhttps://wordpress.org/plugins/elink-embed-content/",
    "id": "CVE-2025-7507",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "elinkcontent elink \u2013 Embed Content *",
    "sourceHref": "",
    "cvss": {
        "score": 6.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "elink \u2013 Embed Content",
    "version": "*",
    "vendor": "elinkcontent",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

elink – Embed Content <= 1.1.0 - Authenticated (Contributor+) Insufficient Input Validation_CVE-2025-7507