{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-67962", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-15T10:00:23.851Z", "datePublished": "2025-12-16T08:12:57.962Z", "dateUpdated": "2026-04-28T16:14:24.926Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "broken-link-checker-seo", "product": "Broken Link Checker", "vendor": "AIOSEO Plugin Team", "versions": [{"changes": [{"at": "1.2.7", "status": "unaffected"}], "lessThanOrEqual": "1.2.6", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "mcdruid | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:23:51.059Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AIOSEO Plugin Team Broken Link Checker broken-link-checker-seo allows SQL Injection.<p>This issue affects Broken Link Checker: from n/a through <= 1.2.6.</p>"}], "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AIOSEO Plugin Team Broken Link Checker broken-link-checker-seo allows SQL Injection.This issue affects Broken Link Checker: from n/a through <= 1.2.6."}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:24.926Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/broken-link-checker-seo/vulnerability/wordpress-broken-link-checker-plugin-1-2-6-sql-injection-vulnerability?_s_id=cve"}], "title": "WordPress Broken Link Checker plugin <= 1.2.6 - SQL Injection vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-16T20:46:19.211076Z", "id": "CVE-2025-67962", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T18:08:02.901Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-67962", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-16T20:46:19.211076Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-16T20:46:14.098Z"}}], "cna": {"title": "WordPress Broken Link Checker plugin <= 1.2.6 - SQL Injection vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "mcdruid | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AIOSEO Plugin Team", "product": "Broken Link Checker", "versions": [{"status": "affected", "changes": [{"at": "1.2.7", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "1.2.6"}], "packageName": "broken-link-checker-seo", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:23:51.059Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/broken-link-checker-seo/vulnerability/wordpress-broken-link-checker-plugin-1-2-6-sql-injection-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AIOSEO Plugin Team Broken Link Checker broken-link-checker-seo allows SQL Injection.This issue affects Broken Link Checker: from n/a through <= 1.2.6.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AIOSEO Plugin Team Broken Link Checker broken-link-checker-seo allows SQL Injection.<p>This issue affects Broken Link Checker: from n/a through <= 1.2.6.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T14:13:55.162Z"}}}, "cveMetadata": {"cveId": "CVE-2025-67962", "state": "PUBLISHED", "dateUpdated": "2026-04-27T18:08:02.901Z", "dateReserved": "2025-12-15T10:00:23.851Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-12-16T08:12:57.962Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AIOSEO Plugin Team Broken Link Checker broken-link-checker-seo allows SQL Injection.This issue affects Broken Link Checker: from n/a through <= 1.2.6."}], "id": "CVE-2025-67962", "lastModified": "2026-04-27T18:16:51.617", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-12-16T09:15:59.850", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/broken-link-checker-seo/vulnerability/wordpress-broken-link-checker-plugin-1-2-6-sql-injection-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T10:15:09.444088+00:00", "value": {"mitigation_remediation": ["Upgrade the Broken Link Checker plugin to version 1.2.7 or newer, which removes the vulnerable code paths.", "If an immediate upgrade is not possible, deactivate the plugin or block public access to its link\u2011checking endpoints to prevent exploitation.", "Consider disabling link checking functionality or sanitizing inputs to eliminate the injected SQL vectors until a patch is applied."], "summary": {"action": "Immediate Patch", "impact": "SQL Injection"}, "threat_synthesis": {"affected_systems": "The affected product is the WordPress plugin \u2018Broken Link Checker\u2019 from the AIOSEO Plugin Team. All versions up to and including 1.2.6 are vulnerable. No specific third\u2011party vendors or additional products are listed as affected.", "description_and_impact": "This vulnerability is an SQL injection flaw caused by improper neutralization of special elements in an SQL command within the AIOSEO Plugin Team Broken Link Checker. An attacker could inject arbitrary SQL statements, potentially retrieving, modifying, or deleting sensitive database information. The likely attack vector is through the plugin\u2019s publicly accessible link checking functionality, as the issue is exposed via web requests.", "risk_and_exploitability": "The CVSS score of 7.6 indicates high severity, but the EPSS score of less than 1% suggests a very low exploitation probability at present. The vulnerability is not listed in CISA\u2019s KEV catalog. Exploitation would require sending a crafted request to the plugin\u2019s link checking endpoint; authentication is not required as the plugin is publicly accessible. Due to the high potential impact, the risk remains significant despite the low likelihood."}}}}, "created": "2025-12-16T17:08:57.661798+00:00", "updated": "2026-04-28T10:15:28.865124+00:00", "vendors": ["aioseo", "aioseo$PRODUCT$broken_link_checker", "wordpress", "wordpress$PRODUCT$wordpress"]}