Medium severity6.1NVD Advisory· Published Oct 16, 2019· Updated Jun 17, 2026
CVE-2019-16521
CVE-2019-16521
Description
The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/broken-link-checker plugindescription
- Range: <=1.11.8
Patches
Vulnerability mechanics
References
4- www.openwall.com/lists/oss-security/2019/10/16/3nvdExploitMailing ListThird Party Advisory
- github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-02_WordPress_Plugin_Broken_Link_CheckernvdExploitThird Party Advisory
- wordpress.org/plugins/broken-link-checker/nvdProductThird Party Advisory
- wpvulndb.com/vulnerabilities/9917nvdThird Party Advisory
News mentions
0No linked articles in our index yet.