CVE-2025-4047 is a security vulnerability identified in the Broken Link Checker plugin for WordPress, affecting all versions up to and including 2.4.4. The root cause is a missing authorization check (CWE-862) in two AJAX functions: ajax_full_status and ajax_dashboard_status. These functions are intended to provide status information about the plugin's operation but lack proper capability verification, allowing any authenticated user with at least Subscriber-level privileges to access this information. The vulnerability does not permit modification or deletion of data, only unauthorized viewing of plugin status details. The CVSS 3.1 base score is 4.3, reflecting a network attack vector with low complexity, requiring privileges but no user interaction, and limited confidentiality impact without affecting integrity or availability. No patches or exploits are currently reported, but the flaw represents a risk of information disclosure that could aid attackers in reconnaissance or further exploitation. The vulnerability affects a widely used WordPress plugin, making it relevant for a large number of websites globally. The lack of authorization checks in AJAX endpoints is a common security oversight in WordPress plugins, emphasizing the need for rigorous capability validation in plugin development.

The primary impact of this vulnerability is unauthorized disclosure of plugin status information to authenticated users with minimal privileges (Subscriber-level). While the information disclosed is limited to plugin operational status and does not include sensitive user data or site content, it can provide attackers with insights into the site's plugin environment and potential weaknesses. This reconnaissance information could be leveraged in multi-stage attacks or social engineering campaigns. The vulnerability does not affect data integrity or availability, so it does not directly enable data modification or denial of service. However, the exposure of internal plugin status could indirectly facilitate more targeted attacks against the affected WordPress site. Given the widespread use of WordPress and the Broken Link Checker plugin, many organizations, including businesses, educational institutions, and government websites, could be impacted. The risk is heightened in environments where many users have Subscriber-level access or where user roles are not tightly controlled.

Organizations should monitor the Broken Link Checker plugin for official patches or updates addressing this vulnerability and apply them promptly once available. In the interim, administrators should audit user roles and permissions to minimize the number of users with Subscriber-level or higher access, especially on sites where such access is not strictly necessary. Implementing the principle of least privilege reduces the risk of exploitation. Additionally, site administrators can consider temporarily disabling the Broken Link Checker plugin if the risk is unacceptable and no patch is available. Reviewing and hardening WordPress security configurations, including restricting access to AJAX endpoints via web application firewalls or custom code, can provide additional layers of defense. Developers maintaining WordPress plugins should ensure that all AJAX handlers include proper capability checks to prevent similar authorization bypass issues. Regular security audits and vulnerability scanning of WordPress environments are recommended to detect and remediate such issues proactively.