CVE-2019-16521

The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product.
Configurations

Configuration 1 (hide)

cpe:2.3:a:managewp:broken_link_checker:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 04:30

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2019/10/16/3 - Exploit, Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2019/10/16/3 - Exploit, Mailing List, Third Party Advisory
References () https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-02_WordPress_Plugin_Broken_Link_Checker - Exploit, Third Party Advisory () https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-02_WordPress_Plugin_Broken_Link_Checker - Exploit, Third Party Advisory
References () https://wordpress.org/plugins/broken-link-checker/#developers - Product, Third Party Advisory () https://wordpress.org/plugins/broken-link-checker/#developers - Product, Third Party Advisory
References () https://wpvulndb.com/vulnerabilities/9917 - Third Party Advisory () https://wpvulndb.com/vulnerabilities/9917 - Third Party Advisory

Information

Published : 2019-10-16 15:15

Updated : 2024-11-21 04:30


NVD link : CVE-2019-16521

Mitre link : CVE-2019-16521

CVE.ORG link : CVE-2019-16521


JSON object : View

Products Affected

managewp

  • broken_link_checker
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')