
1086 matches found

OSV
added 2025/07/15 5:51 a.m. · 2 views

MAL-2025-5906 Malicious code in crypto-notifier (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14edf6ea7a68922079f8577f719246d4b53f4a31565dab3714813dc76cb78bcf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
OSSF Malicious Packages
added 2025/07/15 12:57 a.m. · 2 views

Malicious code in notifier-loggers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7c838abd608c5a94498f447a0d0421c940e32b2216a2b6357a45742c5dc29fc9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 1
OSV
added 2025/07/15 12:57 a.m. · 1 view

MAL-2025-5943 Malicious code in notifier-loggers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7c838abd608c5a94498f447a0d0421c940e32b2216a2b6357a45742c5dc29fc9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
RedhatCVE
added 2025/07/13 9:22 a.m. · 5 views

CVE-2025-6838

The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.3.0 via broken links that are later exported. This makes it possible for authenticated attackers, with Contributor-level access and above, to embed untrusted input into exported CS...

4.1 CVSS · 6.8 AI score · 0.0021 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/07/11 3:43 p.m. · 31 views

CVE-2025-53662

Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker Channel Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

6.5 CVSS · 7 AI score · 0.00216 EPSS
Exploits 0 · References 1
OSV
added 2025/07/11 9:15 a.m. · 3 views

CVE-2025-6851

The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajax_blinks function which ultimately calls the check_url_status_code function. This makes it possible for unauthenticated attackers to make web requests to...

6.5 CVSS · 5.8 AI score · 0.02479 EPSS
Exploits 0 · References 2
NVD
added 2025/07/11 9:15 a.m. · 2 views

CVE-2025-6851

The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajax_blinks function which ultimately calls the check_url_status_code function. This makes it possible for unauthenticated attackers to make web requests to...

7.2 CVSS · 0.02479 EPSS
Exploits 0 · References 2
NVD
added 2025/07/11 9:15 a.m. · 1 view

CVE-2025-6838

The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.3.0 via broken links that are later exported. This makes it possible for authenticated attackers, with Contributor-level access and above, to embed untrusted input into exported CS...

4.1 CVSS · 0.0021 EPSS
Exploits 0 · References 2
Cvelist
added 2025/07/11 8:22 a.m. · 4 views

CVE-2025-6838 Broken Link Notifier <= 1.3.0 - Authenticated (Contributor+) CSV Injection

The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.3.0 via broken links that are later exported. This makes it possible for authenticated attackers, with Contributor-level access and above, to embed untrusted input into exported CS...

4.1 CVSS · 0.0021 EPSS
Exploits 0 · References 2
CVE
added 2025/07/11 8:22 a.m. · 17 views

CVE-2025-6838

CVE-2025-6838 affects WordPress Broken Link Notifier plugin up to and including 1.3.0. The vulnerability arises from CSV injection via broken links exported to CSV, enabling authenticated attackers with Contributor-level access or higher to embed untrusted input that can lead to code execution on...

4.1 CVSS · 6.9 AI score · 0.0021 EPSS
Exploits 0 · References 2
Cvelist
added 2025/07/11 8:22 a.m. · 4 views

CVE-2025-6851 Broken Link Notifier <= 1.3.0 - Unauthenticated Server-Side Request Forgery

The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajax_blinks function which ultimately calls the check_url_status_code function. This makes it possible for unauthenticated attackers to make web requests to...

7.2 CVSS · 0.02479 EPSS
Exploits 0 · References 2
CVE
added 2025/07/11 8:22 a.m. · 47 views

CVE-2025-6851

The WordPress Broken Link Notifier plugin is affected by CVE-2025-6851: SSRF via the ajax_blinks() path, calling check_url_status_code(), enabling unauthenticated requests from the application to arbitrary external/internal locations. Affected versions are all prior to 1.3.1 (up to and including ...

7.2 CVSS · 6.5 AI score · 0.02479 EPSS
In wild · Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2025/07/11 8:22 a.m. · 2 views

CVE-2025-6851 Broken Link Notifier <= 1.3.0 - Unauthenticated Server-Side Request Forgery

The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajax_blinks function which ultimately calls the check_url_status_code function. This makes it possible for unauthenticated attackers to make web requests to...

7.2 CVSS · 7 AI score · 0.02479 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2025/07/11 12:0 a.m. · 1 view

The vulnerability of the IFTTT Build Notifier plugin in the Jenkins automation server, related to the storage of keys in an exposed manner, allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the IFTTT Build Notifier plugin in the Jenkins automation server lies in the storage of keys in an open manner within the config.xml file. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

6.8 CVSS · 5.4 AI score · 0.00216 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2025/07/11 12:0 a.m. · 1 view

PT-2025-29218 · WordPress · Broken Link Notifier For Wordpress

Name of the Vulnerable Software and Affected Versions: Broken Link Notifier for WordPress versions prior to 1.3.1 Description: The plugin is susceptible to CSV injection through broken links that are exported. This allows authenticated attackers with Contributor-level access or higher to embed...

4.1 CVSS · 6.5 AI score · 0.0021 EPSS
Exploits 0 · References 7
CNNVD
added 2025/07/11 12:0 a.m. · 1 view

WordPress plugin Broken Link Notifier code issue vulnerability

WordPress Broken Link Notifier plugin is a plugin for monitoring broken links e.g. 404 errors, timeout links, etc. within a website. The WordPress Broken Link Notifier plugin suffers from a code issue vulnerability that stems from the server not implementing an adequate validation mechanism to...

7.2 CVSS · 6.8 AI score · 0.02479 EPSS
Exploits 0 · References 3
CNNVD
added 2025/07/11 12:0 a.m. · 1 view

WordPress plugin Broken Link Notifier security vulnerability

WordPress Broken Link Notifier plugin is a plugin for monitoring broken links e.g. 404 errors, timeout links, etc. within a website. A code execution vulnerability exists in the WordPress Broken Link Notifier plugin that stems from the possibility of embedding malicious input when exporting CSV...

4.1 CVSS · 7.8 AI score · 0.0021 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/07/11 12:0 a.m. · 1 view

PT-2025-29219 · WordPress · Broken Link Notifier

Name of the Vulnerable Software and Affected Versions: Broken Link Notifier plugin for WordPress versions prior to 1.3.1 Description: The plugin is susceptible to Server-Side Request Forgery (SSRF). This allows unauthenticated attackers to make web requests to arbitrary locations originating from t...

7.2 CVSS · 6.5 AI score · 0.02479 EPSS
Exploits 0 · References 8
Patchstack
added 2025/07/10 9:28 p.m. · 5 views

WordPress Broken Link Notifier plugin <= 1.3.0 - Authenticated (Contributor+) CSV Injection vulnerability

Authenticated (Contributor+) CSV Injection vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Broken Link Notifier versions <= 1.3.0...

4.1 CVSS · 7 AI score · 0.0021 EPSS
Exploits 0 · References 1 · Affected Software 1
VulnCheck KEV
added 2025/07/10 12:0 a.m. · 5 views

VulnCheck KEV: CVE-2025-6851

The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajax_blinks function which ultimately calls the check_url_status_code function. This makes it possible for unauthenticated attackers to make web requests to...

7.2 CVSS · 5.8 AI score · 0.02479 EPSS
In wild · Exploits 0 · References 2