The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise, validate or escape the url GET parameter before using it in a SQL statement when retrieving an URL to edit, leading to an authenticated SQL injection...
7.2CVSS
7.1AI Score
0.001EPSS
The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url...
9.8CVSS
9.9AI Score
0.002EPSS
The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL...
6.1CVSS
6AI Score
0.001EPSS
The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not...
6.1CVSS
6AI Score
0.002EPSS