Source: wpexploit
Reporter: Jihoon Lee (AhnLab)
WPEX-ID:78054BD7-CDC2-4B14-9B5C-30F10E802D6B
History: Nov 11, 2022 - 12:00 a.m.

Broken Link Checker < 1.11.20 - Admin+ Cross-Site Scripting

Tags: broken link checker, xss vulnerability, youtube api key settings, exploit

EPSS: 0.001 (percentile: 25.3%)

The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

Put the following payload in the Youtube API Key settings and save: test"><script>alert(/XSS/)</script>.

The XSS will be triggered when viewing the settings page again.
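
A regression check for the missing output escaping described above, as an added example that is not the plugin's code: it renders a constructed settings field with and without attribute escaping and verifies that the stored value stays inside the value attribute. The field name api_key and the render functions are hypothetical; Python's html.escape stands in for WordPress's esc_attr().

```python
from html import escape
from html.parser import HTMLParser

# Payload quoted in the advisory's proof of concept.
PAYLOAD = 'test"><script>alert(/XSS/)</script>'
FIELD = "api_key"  # hypothetical field name, not taken from the plugin


def render_unescaped(value):
    """Constructed stand-in for a settings field that echoes the stored value raw."""
    return '<form><input type="text" name="%s" value="%s"></form>' % (FIELD, value)


def render_escaped(value):
    """Same field with the value escaped for an HTML attribute context."""
    return render_unescaped(escape(value, quote=True))


class FieldAudit(HTMLParser):
    """Records every start tag and the parsed value of the audited input."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input" and dict(attrs).get("name") == FIELD:
            self.value = dict(attrs).get("value")


def audit(html):
    """Parse the rendered page and return (start tags seen, field value)."""
    parser = FieldAudit()
    parser.feed(html)
    parser.close()
    return parser.tags, parser.value


def stored_value_is_contained(render, stored):
    """True when the stored value round-trips as the attribute value and the
    page has the same elements as it does for a benign value."""
    baseline_tags, _ = audit(render("benign"))
    tags, value = audit(render(stored))
    return tags == baseline_tags and value == stored


if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        print(render.__name__, stored_value_is_contained(render, PAYLOAD))
```

The same check can be pointed at a real settings page by replacing the render function with one that saves the value and fetches the rendered form.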

