VYPR

Broken Link Manager

by WordPress

CVEs (5)

  • CVE-2015-9467CriOct 10, 2019
    risk 0.64cvss 9.8epss 0.02

    The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter.

  • CVE-2021-24550HigAug 23, 2021
    risk 0.47cvss 7.2epss 0.02

    The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise, validate or escape the url GET parameter before using it in a SQL statement when retrieving an URL to edit, leading to an authenticated SQL injection issue

  • CVE-2025-12629HigNov 24, 2025
    risk 0.46cvss 7.1epss 0.00

    The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

  • CVE-2015-9468MedOct 10, 2019
    risk 0.40cvss 6.1epss 0.01

    The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action.

  • CVE-2015-9453MedOct 7, 2019
    risk 0.40cvss 6.1epss 0.02

    The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist.