Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RaminMT Links/Problem Reporter report-broken-links allows Reflected XSS. This issue affects Links/Problem Reporter: from n/a through <= 2.6.0.
Published: 2025-01-23
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The RaminMT Links/Problem Reporter plugin for WordPress is vulnerable to Reflected Cross‑Site Scripting because it fails to neutralize user input before rendering it in the web page. This flaw allows an attacker to inject malicious script into pages that other users view, resulting in arbitrary script execution in the victim’s browser.

Affected Systems

The vulnerability affects the RaminMT Links/Problem Reporter plugin version 2.6.0 and earlier. Any WordPress site that has installed or updated to one of these versions without applying a fix is vulnerable. The plugin is commonly used to report broken links on WordPress sites.

Risk and Exploitability

The CVSS score of 7.1 places the issue in the High severity band, while the EPSS score of <1% indicates a very low current probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is an unauthenticated user visiting a crafted URL that includes malicious script content, which makes exploitation straightforward for attackers who can send victims URLs that the plugin will echo back.

Generated by OpenCVE AI on May 2, 2026 at 05:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Links/Problem Reporter plugin to the latest available version that resolves the XSS flaw, once released by RaminMT.
  • If an update is unavailable, ensure that all user‑supplied input displayed by the plugin is properly escaped or sanitized according to WordPress best practices.
  • Deploy a web application firewall or security plugin to detect and block requests containing script tags or other XSS payloads in query parameters.

Advisories
Source: EUVD
ID: EUVD-2025-3463
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Links/Problem Reporter allows Reflected XSS. This issue affects Links/Problem Reporter: from n/a through 2.6.0.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Links/Problem Reporter allows Reflected XSS. This issue affects Links/Problem Reporter: from n/a through 2.6.0.
  Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RaminMT Links/Problem Reporter report-broken-links allows Reflected XSS. This issue affects Links/Problem Reporter: from n/a through <= 2.6.0.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 12 Feb 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 23 Jan 2025 15:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Links/Problem Reporter allows Reflected XSS. This issue affects Links/Problem Reporter: from n/a through 2.6.0.
Title WordPress Links/Problem Reporter plugin <= 2.6.0 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-12T23:46:23.843Z

Reserved: 2025-01-16T11:30:58.638Z

Link: CVE-2025-23834

Vulnrichment

Updated: 2025-02-12T20:34:19.662Z

NVD

Status: Deferred

Published: 2025-01-23T16:15:40.203

Modified: 2026-06-17T08:57:35.380

Link: CVE-2025-23834

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T05:45:20Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')