
Cloud Vulnerability DB
A community-led vulnerabilities database
The Broken Link Manager WordPress plugin through version 0.6.5 contains an authenticated SQL injection vulnerability, identified as CVE-2021-24550. The vulnerability was discovered by Shreya Pohekar of Codevigilant Project and was publicly disclosed on July 24, 2021. The issue affects the plugin's URL editing functionality, where the 'url' GET parameter is not properly sanitized (CodeVigilant, WPScan).
The vulnerability exists in the edit URL functionality, where the 'url' GET parameter is used directly in a SQL statement without sanitization, validation, or escaping. The vulnerable code is located in wblm-url-edit.php, line 4, where the raw GET parameter is concatenated into the query. The vulnerability has been assigned a CVSS v3.1 base score of 7.2 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (NVD).
The SQL injection vulnerability allows authenticated users with administrative privileges to execute arbitrary SQL commands against the WordPress database. This could lead to unauthorized access to sensitive data, manipulation of database contents, and possible escalation of privileges within the WordPress installation (WPScan).
As of the latest reports, no fix is known to be available for this vulnerability. The plugin appears to have been closed or abandoned since the vulnerability was disclosed (WPScan).
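As an added illustration (not code from the plugin or from the advisory), a hypothetical WordPress handler showing the unsafe pattern described above next to a hardened version that binds the parameter through $wpdb->prepare(). The table name wblm_urls, the nonce action name and both function names are assumptions.

```php
<?php
// Added illustration, not the plugin's code. Assumes the WordPress globals
// ($wpdb) and a hypothetical table {$wpdb->prefix}wblm_urls with a 'url' column.

// Unsafe pattern: the raw GET parameter is concatenated into the SQL string,
// so any quote or SQL syntax in it changes the query (authenticated SQLi).
function wblm_get_url_row_unsafe() {
    global $wpdb;
    $url = $_GET['url'];
    $sql = "SELECT * FROM {$wpdb->prefix}wblm_urls WHERE url = '" . $url . "'";
    return $wpdb->get_row( $sql );
}

// Hardened pattern: check capability and nonce, unslash and sanitize the input,
// then pass it as a bound %s placeholder so it is always treated as data.
function wblm_get_url_row_safe() {
    global $wpdb;
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges' );
    }
    check_admin_referer( 'wblm_edit_url' ); // hypothetical nonce action name
    $url = isset( $_GET['url'] ) ? esc_url_raw( wp_unslash( $_GET['url'] ) ) : '';
    if ( '' === $url ) {
        return null;
    }
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}wblm_urls WHERE url = %s",
        $url
    );
    return $wpdb->get_row( $sql );
}
```

Reviewing a plugin for this class of bug means looking for $_GET/$_POST/$_REQUEST values reaching $wpdb->query(), get_row(), get_results() or get_var() without passing through $wpdb->prepare().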
Source: This report was generated using AI