WordPress Plugin Vulnerabilities

easy-broken-link-checker <= 9.0.2 - Bulk Actions via CSRF

Description

The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting customers via CSRF attacks

Proof of Concept

Affects Plugins

Plugin icon
easy-broken-link-checker
No known fix

References

CVE
CVE-2025-1362

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Bob Matyas
Submitter
Bob Matyas
Submitter website
https://www.bobmatyas.com
Submitter twitter
bobmatyas
Verified
Yes
WPVDB ID
035cc502-a514-440f-8808-5655c8c915e2

Timeline

Publicly Published
2025-02-16 (about 10 months ago)
Added
2025-02-16 (about 10 months ago)
Last Updated
2025-02-16 (about 10 months ago)

Other

Published
Title
Published
2023-07-12
Title
Radio Forge Muses Player with Skins <= 2.5 - Reflected Cross-Site Scripting
Published
2025-11-03
Title
MeetingList <= 0.11 - Authenticated (Admin+) Stored Cross-Site Scripting
Published
2025-01-16
Title
Google Map With Fancybox <= 2.1.0 - Reflected Cross-Site Scripting
Published
2021-09-21
Title
Special Text Boxes < 5.9.110 - Admin+ Stored Cross-Site Scripting
Published
2025-03-06
Title
Wishlist < 1.0.44 - Authenticated (Contributor+) Stored Cross-Site Scripting