漏洞描述
WordPress Broken Link Notifier插件是一款用于检测和通知网站中失效链接的工具。该插件在ajax_blinks()函数中未对用户提供的URL进行充分验证,导致存在服务器端请求伪造漏洞。攻击者可通过构造恶意请求,使服务器向任意内部或外部地址发起HTTP请求,从而探测内网服务、获取敏感信息或进行未授权操作。
WordPress Broken Link Notifier /wp-admin/admin-ajax.php blnotifier_blinks 服务器端请求伪造漏洞(CVE-2025-6851)
PoC代码
暂无相关漏洞推荐
- WordPress Drag and Drop Multiple File Upload for WooCommerce dnd_codedropz_upload_wc 文件上传漏洞(CVE-2025-4403)
- POC CVE-2020-9039: Couchbase Server - Broken Access Control
- POC CVE-2021-28799: QNAP HBS 3 - Broken Access Control
- POC CVE-2021-37598: WP Cerber < 8.9.3 - Broken Access Control
- POC CVE-2024-29137: WordPress Tourfic Plugin <= 2.11.7 - Cross-Site Scripting
- POC wordpress-meta-box-fpd: WordPress Meta Box - Full Path Disclosure
- POC wp-add-search-to-menu-fpd: WordPress Ivory Search - Full Path Disclosure
- POC wp-advanced-iframe-fpd: WordPress Advanced iFrame - Full Path Disclosure
- POC wp-advanced-responsive-video-embedder-fpd: WordPress Advanced Responsive Video Embedder - Full Path Disclosure
- POC wp-ajax-load-more-anything-fpd: WordPress Load More Anything - Full Path Disclosure
- POC wp-ajax-search-lite-fpd: WordPress Ajax Search Lite - Full Path Disclosure
- POC wp-all-in-one-seo-pack-fpd: WordPress All in One SEO Pack - Full Path Disclosure
- POC wp-astra-fpd: WordPress Astra - Full Path Disclosure