SQL Injection Vulnerability in AIOSEO's Broken Link Checker Plugin
CVE-2025-1264

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Broken Link Checker By AiOSeo – Easily Fix/monitor Internal And External Links
Vendor: CVE Published:; 6 April 2025

What is CVE-2025-1264?

The Broken Link Checker plugin by AIOSEO, designed to monitor and fix internal and external links, is susceptible to SQL Injection due to inadequate input validation on the 'orderBy' parameter. This vulnerability allows authenticated users with Contributor-level access and higher to manipulate existing SQL queries, potentially leading to unauthorized access and retrieval of sensitive database information. Correcting this flaw requires proper sanitization of user inputs and restructuring of database queries to enhance security.

Affected Version(s)

Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links * <= 1.2.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/broken-link-ch...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2025
Vulnerability Reserved
Feb 12, 2025

Credit

Christiaan Swiers