Shodan
Vulnerabilities
Vulnerable Software
Managewp:  >> Broken Link Checker  >> 1.11.6  Security Vulnerabilities
CVE-2024-10903
The Broken Link Checker WordPress plugin before 2.4.2 does not validate a the link URLs before making a request to them, which could allow admin users to perform SSRF attack, for example on a multisite installation.
CVSS Score
4.7
EPSS Score
0.001
Published
2024-12-26
CVE-2023-23737
Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <= 4.0 versions.
CVSS Score
9.3
EPSS Score
0.001
Published
2023-10-12
CVE-2022-3922
The Broken Link Checker WordPress plugin before 1.11.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVSS Score
4.8
EPSS Score
0.001
Published
2022-12-28
CVE-2022-2438
The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$log_file' value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
CVSS Score
7.2
EPSS Score
0.004
Published
2022-09-06
CVE-2019-17207
A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker (aka Broken Link Checker) plugin 1.11.8 for WordPress. This allows unauthorized users to inject client-side JavaScript into an admin-only WordPress page via the wp-admin/tools.php?page=view-broken-links s_filter parameter in a search action.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-10-18
CVE-2019-16521
The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved