CVE-2019-16521

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Broken Link Checker
Vendor
CVE Published:
16 October 2019

Summary

The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product.

References

https://wordpress.org/plugins/broken-link-checker/#develo...
x_refsource_MISC
https://github.com/sbaresearch/advisories/tree/public/201...
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2019/10/16/3
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.