PT-2025-29218 · WordPress · Broken Link Notifier For Wordpress
Jfriedli
·
Published
2025-07-11
·
Updated
2025-07-11
·
CVE-2025-6838
CVSS v3.1
4.1
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Broken Link Notifier for WordPress versions prior to 1.3.1
Description:
The plugin is susceptible to CSV injection through broken links that are exported. This allows authenticated attackers with Contributor-level access or higher to embed untrusted input into exported CSV files. Opening these files on a vulnerable local system can lead to code execution.
Recommendations:
Update to a version prior to 1.3.1.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Broken Link Notifier For Wordpress