WordPress Plugin Vulnerabilities

Broken Link Manager < 0.6.0 - Unauthenticated Stored Cross-Site Scripting (XSS)

Description

The Broken Link Manager WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
broken-link-manager
Fixed in 0.6.0

References

CVE
CVE-2015-9453
URL
http://cinu.pl/research/wp-plugins/mail_b677bb83a6c1495f85f76faa5b13011d.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
6c72ebfe-a526-4316-a6f1-45c05f38af95

Timeline

Publicly Published
2015-07-16 (about 10 years ago)
Added
2015-11-24 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-11-18
Title
GoQSmile <= 1.0.1 - Reflected Cross-Site Scripting
Published
2026-03-20
Title
Review Map by RevuKangaroo <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings
Published
2017-10-16
Title
Easy Appointments < 1.12.0 - Cross-Site Scripting (XSS)
Published
2021-07-21
Title
Maintenance < 4.03 - Authenticated Stored XSS
Published
2026-02-12
Title
Customer Reviews for WooCommerce < 5.98.0 - Unauthenticated Stored Cross-Site Scripting via media[].href Parameter