
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 4
Critical: 0
High: 2
Medium: 2
Showing 1-4 of 4 records
Threat Entry Updated 2025-06-04

CVE-2025-4047 - Broken Link Checker Plugin

The Broken Link Checker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_full_status and ajax_dashboard_status functions in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view the plugin's status.

PLUGIN Broken Link Checker

CVE-2025-4047

MEDIUM CVSS 4.3 2025-06-03
Threat Entry Updated 2025-05-14

CVE-2024-10903 - Broken Link Checker Plugin

The Broken Link Checker WordPress plugin before 2.4.2 does not validate the link URLs before making a request to them, which could allow admin users to perform SSRF attacks, for example on a multisite installation.

PLUGIN Broken Link Checker

CVE-2024-10903

MEDIUM CVSS 4.7 2024-12-26
Threat Entry Updated 2024-10-04

CVE-2024-8981 - Broken Link Checker Plugin

The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg in /app/admin-notices/features/class-view.php without appropriate escaping on the URL in all versions up to, and including, 2.4.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Broken Link Checker

CVE-2024-8981

HIGH CVSS 7.1 2024-10-01
Threat Entry Updated 2025-05-05

CVE-2022-2438 - Broken Link Checker Plugin

The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$log_file' value in versions up to, and including, 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions, provided a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.

PLUGIN Broken Link Checker

CVE-2022-2438

HIGH CVSS 7.2 2022-09-06