CVE-2024-10903
MEDIUMBroken Link Checker < 2.4.2 - Authenticated Server-Side Request Forgery via URL Validation Bypass
Title source: llmDescription
The Broken Link Checker WordPress plugin before 2.4.2 does not validate a the link URLs before making a request to them, which could allow admin users to perform SSRF attack, for example on a multisite installation.
References (1)
Core 1
Core References
Exploit, Third Party Advisory exploit
vdb-entry
technical-description
https://wpscan.com/vulnerability/39027390-ce01-4dd5-a979-426785aa7acb/
Scores
CVSS v3
4.7
EPSS
0.0034
EPSS Percentile
25.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (1)
managewp/broken_link_checker
< 2.4.2
Published
Dec 26, 2024
Tracked Since
Feb 18, 2026