← Back

Managewp

managewp

7 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Broken Link Checker
broken_link_checker
7 CVEs

CVEs (7)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-10903
1Managewp
1Broken Link Checker
May 14, 2025
Dec 26, 2024
N/A· v4
4.7 MEDIUM· v3
N/A· v2
The Broken Link Checker WordPress plugin before 2.4.2 does not validate a the link URLs before making a request to them, which could allow admin users to perform SSRF attack, for example on a multisite installation.
CVE-2023-23737
1Managewp
1Broken Link Checker
Nov 21, 2024
Oct 12, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <= 4.0 versions.
CVE-2014-125105
1Managewp
1Broken Link Checker
Nov 21, 2024
Jun 5, 2023
N/A· v4
6.1 MEDIUM· v3
3.3 LOW· v2
A vulnerability was found in Broken Link Checker Plugin up to 1.10.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function options_page of the file core/core.php of the compone...Show more
A vulnerability was found in Broken Link Checker Plugin up to 1.10.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function options_page of the file core/core.php of the component Settings Page. The manipulation of the argument exclusion_list/blc_custom_fields leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.10.2 is able to address this issue. The patch is named 90615fe9b0b6f9e6fb254d503c302e53a202e561. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230659.Show less
CVE-2022-3922
1Managewp
1Broken Link Checker
Apr 10, 2025
Dec 28, 2022
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The Broken Link Checker WordPress plugin before 1.11.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the...Show more
The Broken Link Checker WordPress plugin before 1.11.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)Show less
CVE-2022-2438
1Managewp
1Broken Link Checker
Apr 8, 2026
Sep 6, 2022
N/A· v4
7.2 HIGH· v3
N/A· v2
The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$log_file' value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with...Show more
The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$log_file' value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.Show less
CVE-2019-17207
1Managewp
1Broken Link Checker
Nov 21, 2024
Oct 18, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker (aka Broken Link Checker) plugin 1.11.8 for WordPress. This allows unauthorized users to inject client-side JavaScrip...Show more
A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker (aka Broken Link Checker) plugin 1.11.8 for WordPress. This allows unauthorized users to inject client-side JavaScript into an admin-only WordPress page via the wp-admin/tools.php?page=view-broken-links s_filter parameter in a search action.Show less
CVE-2019-16521
1Managewp
1Broken Link Checker
Nov 21, 2024
Oct 16, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the...Show more
The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product.Show less