Broken Link Manager
by WordPress
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-9467 | Cri | 0.64 | 9.8 | 0.02 | Oct 10, 2019 | The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter. | ||
| CVE-2021-24550 | Hig | 0.47 | 7.2 | 0.02 | Aug 23, 2021 | The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise, validate or escape the url GET parameter before using it in a SQL statement when retrieving an URL to edit, leading to an authenticated SQL injection issue | ||
| CVE-2025-12629 | Hig | 0.46 | 7.1 | 0.00 | Nov 24, 2025 | The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||
| CVE-2015-9468 | Med | 0.40 | 6.1 | 0.01 | Oct 10, 2019 | The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action. | ||
| CVE-2015-9453 | Med | 0.40 | 6.1 | 0.02 | Oct 7, 2019 | The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist. |
- risk 0.64cvss 9.8epss 0.02
The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter.
- risk 0.47cvss 7.2epss 0.02
The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise, validate or escape the url GET parameter before using it in a SQL statement when retrieving an URL to edit, leading to an authenticated SQL injection issue
- risk 0.46cvss 7.1epss 0.00
The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
- risk 0.40cvss 6.1epss 0.01
The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action.
- risk 0.40cvss 6.1epss 0.02
The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist.