CVE-2024-10903

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Dec 26, 2024

Updated: Dec 30, 2024

Summary

CVE-2024-10903 is a vulnerability affecting the Broken Link Checker plugin for WordPress before version 2.4.2. This issue permits admin users to execute Server-Side Request Forgery (SSRF) attacks, as the plugin does not validate link URLs prior to making requests. An attacker could exploit this flaw to gain unauthorized access to internal resources or steal sensitive data within a multisite installation. To mitigate the risk, users are advised to update to the latest plugin version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0PnowP
https://www.cve.org/CVERecord?id=CVE-2024-10903
https://nvd.nist.gov/vuln/detail/CVE-2024-10903

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2024-10903

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations