Security Flaw in Broken Link Checker Plugin for WordPress
CVE-2024-10903
Key Information:
- Vendor: WordPress
- Status
- Broken Link Checker
- CVE Published: 26 December 2024
Summary
The Broken Link Checker plugin for WordPress, in versions prior to 2.4.2, does not properly validate link URLs before making requests to them. As a result, admin users, particularly in multisite installations, may be able to use the plugin to carry out Server-Side Request Forgery (SSRF) attacks. Such attacks could compromise internal resources and potentially lead to unauthorized access or data leakage. Website administrators should ensure that they are running the latest version of the plugin to mitigate the risk from this vulnerability.
Affected Version(s)
Broken Link Checker 0 < 2.4.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved