CVE-2024-8981

01.10.2024, 03:15

The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg in /app/admin-notices/features/class-view.php without appropriate escaping on the URL in all versions up to, and including, 2.4.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Basic XSS

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.1 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Wordfence	CNA	7.1 HIGH				CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 57%

Common Weakness Enumeration

CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

References

https://plugins.trac.wordpress.org/browser/broken-link-checker/tags/2.4.0/app/admin-notices/features/class-view.php#L43

https://plugins.trac.wordpress.org/changeset/3159860/broken-link-checker/trunk/app/admin-notices/features/class-view.php

https://www.wordfence.com/threat-intel/vulnerabilities/id/429fe34a-5fa9-4032-9b21-4de114dbc9d1?source=cve