23 May 2025

Plugin Vulnerabilities Customers Helped Make WordPress Plugins More Secure, Week of May 23

Our customers provide us with the ability to help make WordPress plugins more secure, mostly with plugins they use, but to a lesser extent other plugins as well. That work often goes unmentioned, so we are highlighting it to help better explain what is going on and how signing up for our service can help to expand that work.

Missing Capabilities Check Addressed

Based on our proactive monitoring flagging an issue in an update of the BEAF plugin, which has 20,000+ installs, the developer addressed the lack of a capabilities check that could have allowed an attacker to change plugin settings and upload files. All plugins being used by our customers go through an extended version of that monitoring on a weekly basis. [Read more]

17 Feb 2023

Not Really a WordPress Plugin Vulnerability, Week of February 17

In reviewing reports of vulnerabilities in WordPress plugins to provide our customers with the best data on vulnerabilities in plugins they use, we often find that there are reports for things that don’t appear to be vulnerabilities. For more problematic reports, we release posts detailing why the vulnerability reports are false, but there have been a lot that we haven’t felt rose to that level. In particular, there are items that are not outright false; the issue is just probably more accurately described as a bug. For those that don’t rise to the level of getting their own post, we now place them in a weekly post when we come across them.

Admin+ Stored Cross-Site Scripting in Broken Link Checker

Automattic’s WPScan claimed there had been an admin+ stored cross-site scripting via import vulnerability in the plugin Broken Link Checker. They explained it this way: [Read more]