CVE-2024-10903

Published: Dec 26, 2024Modified: May 14, 2025

4.7

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Exploitability: 1.2 / Impact: 3.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The Broken Link Checker WordPress plugin before 2.4.2 does not validate a the link URLs before making a request to them, which could allow admin users to perform SSRF attack, for example on a multisite installation.

Affected (1)

Products: Managewp: Broken Link Checker

Managewp

1 product

Broken Link Checker

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Managewp Broken Link Checker	Before 2.4.2

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

https://wpscan.com/vulnerability/39027390-ce01-4dd5-a979-426785aa7acb/

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/39027390-ce01-4dd5-a979-426785aa7acb/

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.