VYPR

Broken Link Checker

by WordPress

Source repositories

CVEs (12)

  • CVE-2026-39466HigApr 8, 2026
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Broken Link Checker broken-link-checker allows Blind SQL Injection.This issue affects Broken Link Checker: from n/a through <=…

  • CVE-2022-2438HigSep 6, 2022
    risk 0.40cvss 7.2epss 0.01

    The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$log_file' value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a…

  • CVE-2019-16521MedOct 16, 2019
    risk 0.40cvss 6.1epss 0.01

    The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by…

  • CVE-2024-8981HigOct 1, 2024
    risk 0.39cvss 7.1epss 0.00

    The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg in /app/admin-notices/features/class-view.php without appropriate escaping on the URL in all versions up to, and including, 2.4.0. This makes it possible…

  • CVE-2024-25592MedMar 15, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Broken Link Checker allows Stored XSS.This issue affects Broken Link Checker: from n/a through 2.2.3.

  • CVE-2019-17207MedOct 18, 2019
    risk 0.35cvss 5.4epss 0.02

    A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker (aka Broken Link Checker) plugin 1.11.8 for WordPress. This allows unauthorized users to inject client-side JavaScript into an admin-only WordPress page via the…

  • CVE-2015-5057MedAug 18, 2017
    risk 0.33cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability exists in the Wordpress admin panel when the Broken Link Checker plugin before 1.10.9 is installed.

  • CVE-2024-10903MedDec 26, 2024
    risk 0.31cvss 4.7epss 0.00

    The Broken Link Checker WordPress plugin before 2.4.2 does not validate a the link URLs before making a request to them, which could allow admin users to perform SSRF attack, for example on a multisite installation.

  • CVE-2022-3922MedDec 28, 2022
    risk 0.31cvss 4.8epss 0.01

    The Broken Link Checker WordPress plugin before 1.11.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2025-4047MedJun 3, 2025
    risk 0.21cvss 4.3epss 0.00

    The Broken Link Checker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_full_status and ajax_dashboard_status functions in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers,…

  • CVE-2015-10098LowApr 8, 2023
    risk 0.16cvss 3.5epss 0.01

    A vulnerability was found in Broken Link Checker Plugin up to 1.10.5 on WordPress. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site…

  • CVE-2014-125105LowJun 5, 2023
    risk 0.09cvss 2.4epss 0.01

    A vulnerability was found in Broken Link Checker Plugin up to 1.10.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function options_page of the file core/core.php of the component Settings Page. The manipulation of the argument…