CVE-2024-12121

Name of the Vulnerable Software and Affected Versions Broken Link Checker | Finder plugin for WordPress versions up to, and including, 2.5.0

Description The issue allows authenticated attackers with Author-level access and above to make web requests to arbitrary locations originating from the web application. This can be used to query and modify information from internal services via the moblc check link function. The problem is related to Blind Server-Side Request Forgery.

Recommendations For versions up to, and including, 2.5.0, consider disabling the moblc check link function as a temporary workaround until a patch is available. Restrict access to the plugin to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.