WordPress Plugin Vulnerabilities

Broken Link Checker | Finder < 2.5.0 - Missing Authorization via moblc_auth_save_settings

Description

The Broken Link Checker | Finder plugin for WordPress is vulnerable to modification of data due to a missing capability check on the moblc_auth_save_settings function in versions up to, and including, 2.4.2. This makes it possible for unauthenticated attackers to dismiss admin notifications

Affects Plugins

Plugin icon
broken-link-finder
Fixed in 2.5.0

References

CVE
CVE-2023-46082
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/e4383f41-bd08-4fab-9491-4cf9f7326300

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
45644197-dcb8-4a82-b54c-5cf8713d06fc

Timeline

Publicly Published
2023-10-16 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2024-01-12 (about 2 years ago)

Other

Published
Title
Published
2026-01-21
Title
BackItUp <= 2.1.0 - Missing Authorization
Published
2026-02-15
Title
Client Invoicing by Sprout Invoices < 20.8.9 - Missing Authorization
Published
2025-01-08
Title
SKT Page Builder < 4.8 - Authenticated (Subscriber+) Arbitrary File Upload
Published
2025-12-11
Title
Vimeo SimpleGallery <= 0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification
Published
2024-10-21
Title
Rover IDX < 3.0.0.2905 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions