CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10903 – Broken Link Checker < 2.4.2 - Admin+ SSRF
https://notcve.org/view.php?id=CVE-2024-10903
05 Dec 2024 — The Broken Link Checker WordPress plugin before 2.4.2 does not validate a the link URLs before making a request to them, which could allow admin users to perform SSRF attack, for example on a multisite installation. El complemento Broken Link Checker WordPress anterior a 2.4.2 no valida las URL de los enlaces antes de realizarles una solicitud, lo que podría permitir a los usuarios administradores realizar ataques SSRF, por ejemplo, en una instalación multisitio. The Broken Link Checker plugin for WordPress... • https://wpscan.com/vulnerability/39027390-ce01-4dd5-a979-426785aa7acb • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8981 – Broken Link Checker <= 2.4.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-8981
30 Sep 2024 — The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg in /app/admin-notices/features/class-view.php without appropriate escaping on the URL in all versions up to, and including, 2.4.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/broken-link-checker/tags/2.4.0/app/admin-notices/features/class-view.php#L43 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25592 – WordPress Broken Link Checker plugin <= 2.2.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-25592
12 Feb 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Broken Link Checker allows Stored XSS.This issue affects Broken Link Checker: from n/a through 2.2.3. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en WPMU DEV Broken Link Checker permite almacenar XSS. Este problema afecta a Broken Link Checker: desde n/a hasta 2.2.3. The Broken Link Checker plugin for WordPress is vulner... • https://patchstack.com/database/vulnerability/broken-link-checker/wordpress-broken-link-checker-plugin-2-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23737 – WordPress MainWP Broken Links Checker Extension Plugin <= 4.0 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-23737
18 Jan 2023 — Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <= 4.0 versions. Vulnerabilidad de inyección SQL (SQLi) no autenticada en el complemento MainWP MainWP Broken Links Checker Extension en versiones <= 4.0. The MainWP Broken Link Checker plugin for WordPress is vulnerable to SQL Injection via several parameters in versions up to, and including, 4.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S... • https://patchstack.com/database/vulnerability/mainwp-broken-links-checker-extension/wordpress-mainwp-broken-links-checker-extension-plugin-4-0-unauthenticated-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3922 – Broken Link Checker < 1.11.20 - Admin+ Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-3922
11 Nov 2022 — The Broken Link Checker WordPress plugin before 1.11.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) El complemento de WordPress Broken Link Checker anterior a la versión 1.11.20 no sanitiza ni escapa a algunas de sus configuraciones, lo que podría permitir a usuarios con privilegios elevados, como el administrador, ... • https://wpscan.com/vulnerability/78054bd7-cdc2-4b14-9b5c-30f10e802d6b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2438 – Broken Link Checker <= 1.11.16 - Authenticated (Admin+) PHAR Deserialization
https://notcve.org/view.php?id=CVE-2022-2438
18 Jul 2022 — The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$log_file' value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading ... • https://plugins.trac.wordpress.org/changeset/2757773/broken-link-checker/trunk/core/core.php?old=2605914&old_path=broken-link-checker%2Ftrunk%2Fcore%2Fcore.php • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-16521 – Broken Link Checker <= 1.11.8 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-16521
15 Oct 2019 — The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product. El plugin broken-link-checker versiones hasta 1.11.8 para WordPress (también se conoce como Broken Link Check... • http://www.openwall.com/lists/oss-security/2019/10/16/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2019-17207 – Broken Link Checker <= 1.11.8 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-17207
14 Oct 2019 — A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker (aka Broken Link Checker) plugin 1.11.8 for WordPress. This allows unauthorized users to inject client-side JavaScript into an admin-only WordPress page via the wp-admin/tools.php?page=view-broken-links s_filter parameter in a search action. Se encontró una vulnerabilidad de tipo XSS reflejado en el archivo includes/admin/table-printer.php en el plugin Broken-Link-Checker (también se conoce como Broken Lin... • http://packetstormsecurity.com/files/154875/WordPress-Broken-Link-Checker-1.11.8-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5057 – Broken Link Checker <= 1.10.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-5057
29 Jun 2015 — Cross-site scripting (XSS) vulnerability exists in the Wordpress admin panel when the Broken Link Checker plugin before 1.10.9 is installed. Existe una vulnerabilidad de cross-Site Scripting (XSS) en el panel de administrador de Wordpress cuando se instala el plugin Broken Link Checker plugin en versiones anteriores a la 1.10.9. • http://www.openwall.com/lists/oss-security/2015/06/25/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10098 – Broken Link Checker Plugin ui_get_action_links cross site scripting
https://notcve.org/view.php?id=CVE-2015-10098
20 Apr 2015 — A vulnerability was found in Broken Link Checker Plugin up to 1.10.5 on WordPress. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. • https://github.com/wp-plugins/broken-link-checker/commit/f30638869e281461b87548e40b517738b4350e47 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •