Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-67962

CVE-2025-67962: Broken Link Checker Plugin SQLi Flaw

CVE-2025-67962 is an SQL injection vulnerability in the Broken Link Checker plugin by AIOSEO that allows attackers to execute malicious database queries. This article covers the technical details, affected versions, and mitigation.

Published:

CVE-2025-67962 Overview

CVE-2025-67962 is a SQL injection vulnerability in the AIOSEO Broken Link Checker WordPress plugin (broken-link-checker-seo). The flaw stems from improper neutralization of special elements in SQL commands [CWE-89]. All plugin versions up to and including 1.2.6 are affected. An authenticated attacker with high privileges can inject arbitrary SQL statements against the WordPress database. Successful exploitation can disclose database contents and degrade site availability. The vulnerability carries a CVSS 3.1 score of 7.6 and a scope change indicator, meaning impact extends beyond the vulnerable component to the underlying database.

Critical Impact

Authenticated attackers can execute arbitrary SQL queries against the WordPress database, exposing confidential data such as user credentials, session tokens, and post metadata.

Affected Products

  • AIOSEO Plugin Team Broken Link Checker (broken-link-checker-seo) versions up to and including 1.2.6
  • WordPress sites running the vulnerable plugin
  • Underlying MySQL/MariaDB database backing the WordPress instance

Discovery Timeline

  • 2025-12-16 - CVE-2025-67962 published to NVD
  • 2026-04-27 - Last updated in NVD database

Technical Details for CVE-2025-67962

Vulnerability Analysis

The vulnerability resides in the Broken Link Checker plugin's handling of user-controllable input destined for SQL queries. The plugin fails to apply proper parameterization or escaping before incorporating input into database statements. An attacker with high-privilege access, such as an administrator or editor depending on the plugin's permission model, can craft requests that alter query semantics. Because the CVSS vector indicates a changed scope, the injected SQL affects the database engine rather than just the plugin context. The integrity impact is rated none, but confidentiality impact is high, indicating data extraction is the primary exploitation outcome. Availability is partially affected, consistent with crafted queries that consume database resources or cause query failures.

Root Cause

The root cause is improper neutralization of special elements used in SQL commands [CWE-89]. The plugin concatenates request parameters into SQL strings without using $wpdb->prepare() placeholders or equivalent parameterized query mechanisms exposed by the WordPress database abstraction layer.

Attack Vector

Exploitation occurs over the network through authenticated HTTP requests to plugin endpoints. The attacker must already hold a high-privilege WordPress account. No user interaction is required, and attack complexity is low. The attacker submits crafted parameters containing SQL metacharacters such as quotes, comments, and UNION SELECT clauses to extract database records or enumerate the schema.

No verified public exploit code is available. See the Patchstack SQL Injection Advisory for technical details.

Detection Methods for CVE-2025-67962

Indicators of Compromise

  • HTTP requests to Broken Link Checker plugin endpoints containing SQL metacharacters such as ', --, UNION, or SLEEP( in parameter values
  • Unusual SELECT queries against wp_users, wp_usermeta, or wp_options originating from PHP worker processes during plugin activity
  • Spikes in database errors logged by WordPress when malformed SQL is submitted through plugin parameters
  • Outbound data exfiltration from the web server following administrator-authenticated requests to the plugin

Detection Strategies

  • Inspect web server access logs for authenticated requests to broken-link-checker-seo admin-ajax or REST endpoints containing encoded SQL syntax
  • Enable MySQL general query logging or slow query logging to identify anomalous queries referencing sensitive tables
  • Deploy a WordPress-aware web application firewall ruleset that blocks SQL injection payloads on plugin routes
  • Correlate WordPress audit logs with database query logs to attribute injected statements to specific authenticated sessions

Monitoring Recommendations

  • Alert on administrator account activity that includes unexpected plugin parameter usage outside of routine link-scanning operations
  • Monitor for newly created database users, modified wp_users rows, or password hash exports following plugin interaction
  • Track HTTP response sizes from plugin endpoints, since large responses can indicate successful data extraction via UNION-based injection

How to Mitigate CVE-2025-67962

Immediate Actions Required

  • Audit all WordPress sites for the broken-link-checker-seo plugin and confirm the installed version
  • Deactivate the Broken Link Checker plugin until a patched release is verified and applied
  • Rotate WordPress administrator and database user credentials if exploitation is suspected
  • Restrict administrative access using IP allowlisting and enforce multi-factor authentication on privileged accounts

Patch Information

No fixed version is identified in the available advisory data. Consult the Patchstack SQL Injection Advisory and the official plugin repository for the latest release notes. Upgrade to any version released after 1.2.6 once the vendor publishes a fix.

Workarounds

  • Remove or deactivate the Broken Link Checker plugin until a patched version is installed
  • Apply virtual patching through a web application firewall by blocking SQL metacharacters on plugin request parameters
  • Limit the number of WordPress accounts holding administrator or editor privileges to reduce the exploitable user population
  • Enforce least privilege on the database user configured in wp-config.php by removing FILE and unnecessary GRANT permissions
bash
# Configuration example: deactivate the vulnerable plugin via WP-CLI
wp plugin deactivate broken-link-checker-seo
wp plugin status broken-link-checker-seo

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.