CVE-2025-7507
BaseFortify
Publication date: 2025-08-15
Last updated on: 2025-08-15
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| elinkcontent | elink_embed_content | 1.1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the elink β Embed Content plugin for WordPress (versions up to and including 1.1.0). It allows authenticated users with Contributor-level access or higher to supply URLs through the elink shortcode without proper restrictions. This can be exploited to provide an HTML file that redirects users to a malicious domain.
How can this vulnerability impact me? :
The vulnerability can lead to users being redirected to malicious domains, which can result in phishing attacks, malware infections, or other harmful consequences. Since the attacker needs Contributor-level access or above, it could allow an insider or compromised user account to exploit this to harm site visitors or damage the site's reputation.