Vulnerability Description
A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker (aka Broken Link Checker) plugin 1.11.8 for WordPress. This allows unauthorized users to inject client-side JavaScript into an admin-only WordPress page via the wp-admin/tools.php?page=view-broken-links s_filter parameter in a search action.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Managewp | Broken Link Checker | <= 1.11.8 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/154875/WordPress-Broken-Link-Checker-1.11.8 (Exploit, Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2019/Oct/31 (Exploit, Mailing List, Third Party Advisory)
- https://wordpress.org/plugins/broken-link-checker/#developers (Product)
- https://wpvulndb.com/vulnerabilities/9917 (Exploit, Third Party Advisory)
FAQ
What is CVE-2019-17207?
CVE-2019-17207 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker (aka Broken Link Checker) plugin 1.11.8 for WordPress. This allows unauthorized users to inject c...
How severe is CVE-2019-17207?
CVE-2019-17207 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-17207?
Check the references section above for vendor advisories and patch information. Affected products include: Managewp Broken Link Checker.