CVE-2025-1363

easy-broken-link-checker <= 9.0.2 - Admin+ Stored XSS

Description

The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

INFO

Published Date :

2025-03-09T06:00:04.772Z

Last Modified :

2025-03-12T19:26:18.806Z

Source :

WPScan

AFFECTED PRODUCTS

The following products are affected by CVE-2025-1363 vulnerability.

Vendors	Products
Tahminajannat	Url Shortener \\| Conversion Tracking \\| Ab Testing \\| Woocommerce

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-1363.

URL	Resource
https://wpscan.com/vulnerability/16b08e77-3562-4506-9b28-abd1b1128b0a/

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact