CVE-2024-13868: 
WordPress vulnerability analysis and mitigation

The Easy Broken Link Checker WordPress plugin through version 9.0.2 contains a Reflected Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered by Hassan Khan Yusufzai and publicly disclosed on February 13, 2025. The issue exists because the plugin fails to properly sanitize and escape a parameter before outputting it back in the page (WPScan).

The vulnerability is classified as a Reflected Cross-Site Scripting (XSS) issue with a CVSS score of 7.1 (High). The vulnerability exists in the plugin's checker-options-page-view.php file, where a parameter is not properly sanitized before being reflected back to users. This can be exploited against high-privilege users such as administrators (WPScan).

When successfully exploited, this vulnerability could allow attackers to execute arbitrary JavaScript code in the context of an administrator's browser session. This could potentially lead to unauthorized actions being performed with administrative privileges (WPScan).

No known fix is currently available for this vulnerability. Website administrators running affected versions of the Easy Broken Link Checker plugin should consider either removing the plugin or implementing additional security controls to restrict access to the affected components (WPScan).