The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the 'moblc_check_link' function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Metrics
Affected Vendors & Products
References
History
Fri, 20 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 19 Dec 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the 'moblc_check_link' function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |
Title | Broken Link Checker | Finder <= 2.5.0 - Authenticated (Author+) Blind Server-Side Request Forgery | |
Weaknesses | CWE-918 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-19T01:45:14.611Z
Updated: 2024-12-20T17:41:32.059Z
Reserved: 2024-12-03T22:16:00.537Z
Link: CVE-2024-12121
Vulnrichment
Updated: 2024-12-20T16:46:03.408Z
NVD
Status : Received
Published: 2024-12-19T02:15:22.610
Modified: 2024-12-19T02:15:22.610
Link: CVE-2024-12121
Redhat
No data.