CVE-2023-46082 - Exploiting Missing Authorization in Broken Link Checker | Finder (Cyberlord92) — How Misconfigured Access Control Can Leave Your Sites Exposed

There’s a hidden danger lurking on dozens of websites relying on the popular WordPress plugin "Broken Link Checker | Finder" by cyberlord92. Known as CVE-2023-46082, this security hole allows attackers to abuse incorrectly-set access controls and run plugin actions without proper authorization. If you have this plugin installed—especially any version up to and including 2.4.2—read on.

What is Broken Link Checker | Finder (by cyberlord92)?

Broken Link Checker | Finder is a WordPress plugin that helps admins find and fix broken links in their content. It’s handy, but a missing authorization check in some functions means anyone—including logged-out users—might run powerful actions meant only for admins.

Where’s the Hole? (The Vulnerability Explained)

CVE-2023-46082 is a "Missing Authorization" vulnerability. That means some plugin actions (like scanning links or accessing sensitive data) don’t check if the visitor making the request actually has the right permissions.

In other words, attackers don’t need a password, special privileges, or even an account—they can just call certain functions directly.

Affected versions: All versions from initial release through 2.4.2.

Anatomy of the Exploit (How Attackers Abuse It)

The main problem: key plugin actions are available via AJAX endpoints, but never verify the user’s capability.

Here’s a simplified example

// Inside the plugin's AJAX handler
add_action('wp_ajax_check_links', 'blc_check_links');
// ... but NOT 'wp_ajax_nopriv_check_links', right? 
// Oops, some cases expose it!

function blc_check_links() {
    // MISSING: current_user_can('manage_options') or similar
    // Instead, anyone can trigger this function!
    // Expensive scan or DB read/write occurs
    // ...
}

What does this mean? An attacker can just call the AJAX endpoint (/wp-admin/admin-ajax.php?action=check_links) directly—even if they are not logged in—to trigger a scan or possibly access data.

Here’s a basic curl command to see if your site is vulnerable

curl -i -X POST \
  "https://YOUR-WEBSITE.COM/wp-admin/admin-ajax.php?action=check_links";

If the response looks like real data (not just "" or "Unauthorized"), your site is likely exposed.

Official References

- NVD CVE-2023-46082
- Broken Link Checker | Finder Plugin Homepage
- Cyberlord92’s GitHub (Check for updates/patches)

Mitigation:

Block direct access to sensitive AJAX endpoints (e.g., via firewall rules), or restrict access to admin-ajax.php for non-logged-in users.

Modify affected plugin functions to check user capability

if (!current_user_can('manage_options')) {
    wp_die('Unauthorized!');
}

Conclusion

This vulnerability is a perfect example of why proper authorization checks matter in WordPress plugins. If you use Broken Link Checker | Finder by cyberlord92, make sure you act fast—attacks can be run by anyone with just a simple HTTP request.

Stay safe, update your plugins, and always verify user privileges in your own code.


> Found this writeup exclusive and helpful? Share it to help others patch up before attackers strike.


*This post was researched and written in plain language for maximum accessibility. For any questions, consult the plugin developer or a trusted WordPress security provider.*

Timeline

Published on: 01/02/2025 12:15:10 UTC