PT-2024-16634 · WordPress · Broken Link Checker

Carlos Flores · Published 2024-12-26 · Updated 2024-12-30 · CVE-2024-10903

CVSS v3.1: 4.7 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Broken Link Checker WordPress plugin, versions prior to 2.4.2

Description: The plugin does not validate link URLs before making requests to them. This could allow admin users to perform Server-Side Request Forgery (SSRF), particularly in multisite installations. In an SSRF attack the server is tricked into making requests to internal or external resources, potentially leading to unauthorized access or data exposure.

Recommendations: For versions prior to 2.4.2, update to version 2.4.2 or later. As a temporary workaround, consider restricting use of the Broken Link Checker plugin in multisite installations until the update is applied. Additionally, restrict non-admin users' access to the plugin's functionality to minimize the risk of exploitation.
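The missing control described above is a destination check run before the link checker issues any request. The following is an added, defensive example and not the plugin's own code; the injectable `$resolve` callable, the demo hostnames and the sample addresses are assumptions so that it runs offline, and the WordPress core functions named in the comments are only mentioned as the equivalent core mechanism, not called.

```php
<?php
// Added example, not the plugin's code: validate a link URL before the checker
// fetches it. $resolve is a hypothetical injectable resolver so the demo runs
// offline; in production pass something like fn($h) => gethostbynamel($h) ?: [].

function is_public_ip(string $ip): bool {
    // NO_PRIV_RANGE rejects 10/8, 172.16/12, 192.168/16, fc00::/7;
    // NO_RES_RANGE rejects 0/8, 127/8, 169.254/16, 240/4, ::1, fe80::/10, etc.
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

function is_safe_link_url(string $url, callable $resolve): bool {
    $p = parse_url($url);
    if ($p === false || empty($p['host'])) { return false; }
    // Only web schemes; file://, gopher://, php:// etc. are never links to check.
    if (!in_array(strtolower($p['scheme'] ?? ''), ['http', 'https'], true)) { return false; }
    // Embedded credentials and non-standard ports invite parser confusion.
    if (isset($p['user']) || isset($p['pass'])) { return false; }
    if (isset($p['port']) && !in_array($p['port'], [80, 443], true)) { return false; }
    $host = strtolower(trim($p['host'], '[]'));   // parse_url keeps [] around IPv6
    if ($host === 'localhost' || str_ends_with($host, '.localhost')) { return false; }
    // IP literal: check the ranges directly.
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) { return is_public_ip($host); }
    // Hostname: every resolved address must be public, since a name can mix
    // public and private records. Re-resolving at request time still leaves a
    // DNS-rebinding window; WordPress core's wp_safe_remote_get() (via
    // wp_http_validate_url()) applies this kind of check before the request.
    $ips = $resolve($host);
    if (empty($ips)) { return false; }
    foreach ($ips as $ip) {
        if (!is_public_ip($ip)) { return false; }
    }
    return true;
}

// Constructed resolver table for the demo (addresses are illustrative).
$demo_resolver = fn(string $host): array => [
    'example.com'      => ['93.184.216.34'],
    'intranet.example' => ['10.0.0.5'],
    'mixed.example'    => ['93.184.216.34', '192.168.1.1'],
][$host] ?? [];

$samples = ['https://example.com/page', 'http://intranet.example/', 'http://mixed.example/',
            'http://[::1]/', 'file:///etc/passwd', 'http://user@example.com/'];
foreach ($samples as $url) {
    printf("%-28s %s\n", $url, is_safe_link_url($url, $demo_resolver) ? 'allowed' : 'rejected');
}
```

Requires PHP 8 for `str_ends_with()`; only the first sample URL passes the check, the rest are rejected for scheme, credentials, loopback, or private resolved addresses.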

Weakness Enumeration: SSRF

Related Identifiers: CVE-2024-10903

Affected Products: Broken Link Checker