Broken Link Checker <= 1.10.2 - Stored XSS



Description
Broken Link Checker is vulnerable to stored XSS (again). The plugin does not check links for validity, so JavaScript code is accepted as a valid link. Example: <a href="javascript:alert(1)">Link</a>.
Malicious JavaScript can be injected by any post author.

Screenshots: http://imgur.com/mTEobu7 / http://imgur.com/3z8GmL0 / http://imgur.com/KLSTP3S
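
The missing validity check, as an added example (not the plugin's code and not its 1.10.3 fix): a scheme allowlist applied to each link before it is written into an HTML attribute. The function names and the allowed schemes are assumptions, and $href is assumed to be the already-decoded attribute value.

```php
<?php
// Added example: hypothetical helpers, not Broken Link Checker code.

const ALLOWED_SCHEMES = ['http', 'https', 'mailto']; // assumed allowlist

/**
 * Return true when $href is a relative URL or uses an allowlisted scheme.
 */
function link_scheme_is_allowed(string $href): bool
{
    // Browsers strip leading/trailing control characters and spaces, and
    // drop tab/newline characters anywhere in a URL, before parsing it.
    $url = trim($href, "\x00..\x20");
    $url = str_replace(["\t", "\n", "\r"], '', $url);

    // scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) followed by ":"
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)) {
        return true; // no scheme: relative URL, inherits the page's scheme
    }
    return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true);
}

/**
 * Prepare a link for an href attribute: links with a disallowed scheme
 * become "#", everything else is HTML-escaped.
 */
function safe_href(string $href): string
{
    $href = link_scheme_is_allowed($href) ? $href : '#';
    return htmlspecialchars($href, ENT_QUOTES, 'UTF-8');
}

// Constructed sample links, as they might be extracted from post content.
$samples = [
    'https://example.com/page?a=1&b=2',
    '/relative/path',
    'javascript:alert(1)',
    ' JaVaScRiPt:alert(1)',
    "java\tscript:alert(1)",
    'data:text/html,x',
];
foreach ($samples as $s) {
    printf("%-36s => %s\n", json_encode($s), safe_href($s));
}
```

Inside WordPress, esc_url() applies a protocol allowlist of this kind when a URL is output.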

Affects Plugin

Fixed in version 1.10.3

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter SecuBeastTeam
Views 279
Verified No
WPVDB ID 9963

Timeline

Publicly Published 2014-12-05 (over 5 years ago)
Added 2019-12-02 (7 months ago)
Last Updated 2019-12-02 (7 months ago)
