CVE-2024-10903
Broken Link Checker < 2.4.2 - Admin+ SSRF
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The Broken Link Checker WordPress plugin before 2.4.2 does not validate a the link URLs before making a request to them, which could allow admin users to perform SSRF attack, for example on a multisite installation.
El complemento Broken Link Checker WordPress anterior a 2.4.2 no valida las URL de los enlaces antes de realizarles una solicitud, lo que podrÃa permitir a los usuarios administradores realizar ataques SSRF, por ejemplo, en una instalación multisitio.
The Broken Link Checker plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-11-05 CVE Reserved
- 2024-12-05 CVE Published
- 2024-12-27 EPSS Updated
- 2024-12-30 First Exploit
- 2025-01-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wpscan.com/vulnerability/39027390-ce01-4dd5-a979-426785aa7acb | 2024-12-30 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Unknown Search vendor "Unknown" | Broken Link Checker Search vendor "Unknown" for product "Broken Link Checker" | < 2.4.2 Search vendor "Unknown" for product "Broken Link Checker" and version " < 2.4.2" | en |
Affected
| ||||||