Broken Link Checker WordPress Plugin Missing Authorization Vulnerability

Vulnerability

A vulnerability exists in the Broken Link Checker plugin for WordPress, allowing unauthorized data access. This issue arises from a lack of capability checks in the 'ajax_full_status' and 'ajax_dashboard_status' functions, affecting all versions up to and including 2.4.4. As a result, authenticated attackers with Subscriber-level access or higher can view the plugin's status on the dashboard.

Impact

Exploitation of this vulnerability lets authenticated users with Subscriber-level access and above view plugin status information that should be restricted.

Remediation

Users can update to Broken Link Checker version 2.4.5 or a newer patched version to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 5.9
remediation: 7.7
relevance: 0.1
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.