Executive Summary

CVE-2026-25408 is a Broken Access Control vulnerability in the WordPress Broken Link Notifier Plugin versions up to and including 1.3.5. It is caused by missing authorization, authentication, or nonce token checks within certain plugin functions. This flaw potentially allows unauthenticated users to perform actions that should be restricted to higher-privileged users.

The issue falls under the OWASP Top 10 category A1: Broken Access Control.

Useful 0 Not Useful 0

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability could allow unauthorized users to execute actions within the Broken Link Notifier plugin that are normally reserved for privileged users. While the severity is rated as low (CVSS score 5.3), it could lead to unauthorized changes or disruptions in the plugin's functionality."}, {'type': 'paragraph', 'content': 'However, the vulnerability is considered unlikely to be exploited and no official patch is currently available.'}] [1]

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.

Useful 0 Not Useful 0

Mitigation Strategies

Since no official patch is currently available for this vulnerability, immediate mitigation steps include limiting access to the Broken Link Notifier plugin and monitoring for unauthorized actions.

Consider disabling or removing the plugin if it is not essential, or restrict its usage to trusted users only.

Stay updated with the plugin developer or Patchstack for any future patches or updates addressing this issue.

Useful 0 Not Useful 0