SQL Injection Vulnerability in AIOSEO's Broken Link Checker Plugin
CVE-2025-1264

6.5MEDIUM

Key Information:

Vendor

WordPress
Status
Broken Link Checker By AiOSeo – Easily Fix/monitor Internal And External Links
Vendor
CVE Published:
6 April 2025

What is CVE-2025-1264?

The Broken Link Checker plugin by AIOSEO, designed to monitor and fix internal and external links, is susceptible to SQL Injection due to inadequate input validation on the 'orderBy' parameter. This vulnerability allows authenticated users with Contributor-level access and higher to manipulate existing SQL queries, potentially leading to unauthorized access and retrieval of sensitive database information. Correcting this flaw requires proper sanitization of user inputs and restructuring of database queries to enhance security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links * <= 1.2.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/broken-link-ch...
https://plugins.trac.wordpress.org/browser/broken-link-ch...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Christiaan Swiers
JSON
.