CVE-2024-10903: Broken Link Checker < 2.4.2 - Admin+ SSRF

Description

The Broken Link Checker WordPress plugin before 2.4.2 does not validate link URLs before making requests to them, which could allow admin users to perform SSRF attacks, for example on a multisite installation.

Classification

CVE ID: CVE-2024-10903

Affected Products

Vendor: Unknown

Product: Broken Link Checker

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-04 (when this score was calculated)

References

https://wpscan.com/vulnerability/39027390-ce01-4dd5-a979-426785aa7acb/

Timeline