Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Conti Link Shield link-shield allows Stored XSS. This issue affects Link Shield: from n/a through <= 0.5.4.
Published: 2025-04-09
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper neutralization of user input during page generation, allowing an attacker to store malicious scripts in the site’s content. The stored XSS can then be executed in the browsers of any visitor to the affected page, potentially compromising user sessions, injecting malicious content, or facilitating phishing attacks. The weakness is a classic cross‑site scripting scenario documented as CWE‑79.

Affected Systems

The affected software is the Jose Conti Link Shield WordPress plugin, versions up to and including 0.5.4. All installations that have not upgraded beyond that release are at risk, regardless of site size or user base.

Risk and Exploitability

The CVSS score of 7.1 indicates a high‑severity flaw. The EPSS score is less than 1%, suggesting that current exploit activity is low, and the vulnerability is not listed in the CISA KEV catalog. However, the attack vector is inferred to involve CSRF‑like forged requests, enabling an attacker to inject script payloads without direct interaction with the victim. Exploitation would require that the attacker can send malicious input to the plugin’s processing routine, typically through a crafted form submission or link. The recorded CVSS vector (PR:N, UI:R) is consistent with this: no privileges are needed, but a user must act on the crafted form or link.

Generated by OpenCVE AI on April 30, 2026 at 23:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest Link Shield release (0.5.5 or newer) to remove the stored XSS flaw.
  • If an upgrade cannot be performed immediately, remove or deactivate the plugin until a patched version is available.
  • Apply general WordPress security best practices: keep core and all plugins up to date, enforce content security policies, and validate or escape all user‑submitted data before rendering.

Advisories
Source: EUVD
ID: EUVD-2025-10612
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Conti Link Shield allows Stored XSS. This issue affects Link Shield: from n/a through 0.5.4.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Conti Link Shield allows Stored XSS. This issue affects Link Shield: from n/a through 0.5.4.
  Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Conti Link Shield link-shield allows Stored XSS. This issue affects Link Shield: from n/a through <= 0.5.4.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 09 Apr 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 09 Apr 2025 16:30:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Conti Link Shield allows Stored XSS. This issue affects Link Shield: from n/a through 0.5.4.
Title WordPress Link Shield plugin <= 0.5.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:23.241Z

Reserved: 2025-04-09T11:19:20.928Z

Link: CVE-2025-32503

Vulnrichment

Updated: 2025-04-09T18:50:58.414Z

NVD

Status: Deferred

Published: 2025-04-09T17:15:44.187

Modified: 2026-04-23T15:29:00.073

Link: CVE-2025-32503

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T00:00:05Z
