CVE-2019-16521 - OpenCVE

The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Managewp	Broken Link Checker

Configuration 1 [-]

cpe:2.3:a:managewp:broken_link_checker:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2019/10/16/3
https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-02_WordPress_Plugin_Broken_Link_Checker
https://wordpress.org/plugins/broken-link-checker/#developers
https://wpvulndb.com/vulnerabilities/9917

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-16T14:05:40

Updated: 2024-08-05T01:17:40.235Z

Reserved: 2019-09-19T00:00:00

Link: CVE-2019-16521

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-10-16T15:15:15.270

Modified: 2019-10-18T20:24:32.450

Link: CVE-2019-16521

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-16T17:06:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wordpress.org/plugins/broken-link-checker/#developers"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-02_WordPress_Plugin_Broken_Link_Checker"}, {"name": "[oss-security] 20191016 [SBA-ADV-20190913-02] CVE-2019-16521: WordPress Plugin - Broken Link Checker <= 1.11.8 - Reflected XSS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/10/16/3"}, {"tags": ["x_refsource_MISC"], "url": "https://wpvulndb.com/vulnerabilities/9917"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16521", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://wordpress.org/plugins/broken-link-checker/#developers", "refsource": "MISC", "url": "https://wordpress.org/plugins/broken-link-checker/#developers"}, {"name": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-02_WordPress_Plugin_Broken_Link_Checker", "refsource": "MISC", "url": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-02_WordPress_Plugin_Broken_Link_Checker"}, {"name": "[oss-security] 20191016 [SBA-ADV-20190913-02] CVE-2019-16521: WordPress Plugin - Broken Link Checker <= 1.11.8 - Reflected XSS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/16/3"}, {"name": "https://wpvulndb.com/vulnerabilities/9917", "refsource": "MISC", "url": "https://wpvulndb.com/vulnerabilities/9917"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:17:40.235Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wordpress.org/plugins/broken-link-checker/#developers"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-02_WordPress_Plugin_Broken_Link_Checker"}, {"name": "[oss-security] 20191016 [SBA-ADV-20190913-02] CVE-2019-16521: WordPress Plugin - Broken Link Checker <= 1.11.8 - Reflected XSS", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/10/16/3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpvulndb.com/vulnerabilities/9917"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16521", "datePublished": "2019-10-16T14:05:40", "dateReserved": "2019-09-19T00:00:00", "dateUpdated": "2024-08-05T01:17:40.235Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:managewp:broken_link_checker:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "6A8A4C2E-2795-4373-AE4A-08FEB13A87A3", "versionEndIncluding": "1.11.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product."}, {"lang": "es", "value": "El plugin broken-link-checker versiones hasta 1.11.8 para WordPress (tambi\u00e9n se conoce como Broken Link Checker), es susceptible a una vulnerabilidad de tipo XSS reflejado debido a la codificaci\u00f3n e inserci\u00f3n inapropiada de un par\u00e1metro GET HTTP en HTML. La funci\u00f3n filter en la p\u00e1gina que enumera todos los enlaces rotos detectados puede ser explotada proporcionando una carga \u00fatil XSS en el par\u00e1metro GET de s_filter en una petici\u00f3n filter_id=search. NOTA: este es un producto al final de su vida \u00fatil."}], "id": "CVE-2019-16521", "lastModified": "2019-10-18T20:24:32.450", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-16T15:15:15.270", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/10/16/3"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-02_WordPress_Plugin_Broken_Link_Checker"}, {"source": "cve@mitre.org", "tags": ["Product", "Third Party Advisory"], "url": "https://wordpress.org/plugins/broken-link-checker/#developers"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://wpvulndb.com/vulnerabilities/9917"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}