Broken Link Checker <= 1.11.8 - Authenticated Cross-Site Scripting (XSS)

Affects Plugin

fixed in version 1.11.9

References

CVE 2019-17207
CVE 2019-16521
PACKETSTORM 154875
URL https://seclists.org/fulldisclosure/2019/Oct/31
URL https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-02_WordPress_Plugin_Broken_Link_Checker
URL https://plugins.trac.wordpress.org/changeset/2186570/broken-link-checker

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Tobias Fink (SBA Research)
Views 5166
Verified No
WPVDB ID 9917

Timeline

Publicly Published 2019-10-15 (about 1 month ago)
Added 2019-10-16 (about 1 month ago)
Last Updated 2019-11-06 (12 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin