{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25408", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-02T12:53:19.001Z", "datePublished": "2026-02-19T08:27:05.163Z", "dateUpdated": "2026-04-28T16:14:58.476Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "broken-link-notifier", "product": "Broken Link Notifier", "vendor": "PluginRx", "versions": [{"changes": [{"at": "1.3.6", "status": "unaffected"}], "lessThanOrEqual": "1.3.5", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:05:08.203Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in PluginRx Broken Link Notifier broken-link-notifier allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Broken Link Notifier: from n/a through <= 1.3.5.</p>"}], "value": "Missing Authorization vulnerability in PluginRx Broken Link Notifier broken-link-notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Notifier: from n/a through <= 1.3.5."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:58.476Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/broken-link-notifier/vulnerability/wordpress-broken-link-notifier-plugin-1-3-4-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Broken Link Notifier plugin <= 1.3.5 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-19T19:33:07.963664Z", "id": "CVE-2026-25408", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T13:23:40.597Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-25408", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-19T19:33:07.963664Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T19:33:04.273Z"}}], "cna": {"title": "WordPress Broken Link Notifier plugin <= 1.3.5 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "PluginRx", "product": "Broken Link Notifier", "versions": [{"status": "affected", "version": "n/a", "versionType": "custom", "lessThanOrEqual": "<= 1.3.5"}], "packageName": "broken-link-notifier", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-02-19T09:26:05.367Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/broken-link-notifier/vulnerability/wordpress-broken-link-notifier-plugin-1-3-4-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in PluginRx Broken Link Notifier broken-link-notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Notifier: from n/a through <= 1.3.5.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in PluginRx Broken Link Notifier broken-link-notifier allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Broken Link Notifier: from n/a through <= 1.3.5.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-02-19T08:27:05.163Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25408", "state": "PUBLISHED", "dateUpdated": "2026-02-19T19:33:13.531Z", "dateReserved": "2026-02-02T12:53:19.001Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-02-19T08:27:05.163Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in PluginRx Broken Link Notifier broken-link-notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Notifier: from n/a through <= 1.3.5."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en PluginRx Broken Link Notifier broken-link-notifier permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Broken Link Notifier: desde n/a hasta &lt;= 1.3.5."}], "id": "CVE-2026-25408", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-19T09:16:22.473", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/broken-link-notifier/vulnerability/wordpress-broken-link-notifier-plugin-1-3-4-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.3.5]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Broken Link Notifier", "source": "cna", "vendor": "PluginRx"}, "product": "broken_link_notifier", "vendor": "pluginrx"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-16T06:30:36.431171+00:00", "value": {"mitigation_remediation": ["Update the Broken Link Notifier plugin to the latest available version (1.3.6 or later).", "Enforce role\u2011based access controls so that only users with administrative privileges can interact with the plugin\u2019s management pages and settings.", "Verify that the plugin requires authentication by attempting to access its pages without a logged\u2011in session; ensure they redirect to the login screen."], "summary": {"action": "Patch Plugin", "impact": "Unauthorized Access"}, "threat_synthesis": {"affected_systems": "Vendor and product: PluginRx:Broken Link Notifier. All versions from the earliest release through 1.3.5 are affected. Users running any 1.3.5 or earlier version are vulnerable.", "description_and_impact": "The plugin lacks proper authorization checks, resulting in a broken access control flaw that allows attackers to exploit incorrectly configured security levels. This flaw is classified as CWE\u2011862 and permits unauthorized users to gain access to restricted plugin functions or data, potentially compromising confidentiality and disrupt normal operation.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity. The EPSS score of less than 1% suggests a very low likelihood of active exploitation, and the vulnerability is not listed in the CISA KEV catalog. The most probable attack vector is a web request to the plugin\u2019s endpoints that lacks authentication checks, allowing an attacker to bypass normal access controls."}}}}, "created": "2026-02-20T10:08:26.502852+00:00", "updated": "2026-04-16T06:45:16.304503+00:00", "vendors": ["pluginrx", "pluginrx$PRODUCT$broken_link_notifier", "wordpress", "wordpress$PRODUCT$wordpress"]}