CVE-2025-6838: CWE-1236 Improper Neutralization of Formula Elements in a CSV File in apos37 Broken Link Notifier
The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.3.0 via broken links that are later exported. This makes it possible for authenticated attackers, with Contributor-level access and above, to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
AI Analysis
Technical Summary
The Broken Link Notifier plugin for WordPress (versions up to 1.3.0) is vulnerable to CSV Injection (CWE-1236). Authenticated attackers with Contributor-level permissions or higher can embed untrusted input into CSV files generated by the plugin when exporting broken links. This improper neutralization of formula elements allows potential code execution upon opening the CSV file in spreadsheet software that processes such formulas. The vulnerability is network exploitable with low attack complexity and requires user interaction to open the malicious CSV file.
Potential Impact
The vulnerability allows an attacker with Contributor-level access or higher to inject malicious content into CSV exports, which can lead to code execution on the local system of a user who opens the exported CSV file with a vulnerable spreadsheet application. There is no direct impact on confidentiality or availability, but integrity is impacted due to possible code execution. No known exploits are reported in the wild.
Mitigation Recommendations
A patch is available for this vulnerability. Users of the Broken Link Notifier plugin should update to the latest version beyond 1.3.0 to remediate this issue. Until patched, restrict Contributor-level access to trusted users and exercise caution when opening CSV files exported from this plugin.
CVE-2025-6838: CWE-1236 Improper Neutralization of Formula Elements in a CSV File in apos37 Broken Link Notifier
Description
The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.3.0 via broken links that are later exported. This makes it possible for authenticated attackers, with Contributor-level access and above, to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Broken Link Notifier plugin for WordPress (versions up to 1.3.0) is vulnerable to CSV Injection (CWE-1236). Authenticated attackers with Contributor-level permissions or higher can embed untrusted input into CSV files generated by the plugin when exporting broken links. This improper neutralization of formula elements allows potential code execution upon opening the CSV file in spreadsheet software that processes such formulas. The vulnerability is network exploitable with low attack complexity and requires user interaction to open the malicious CSV file.
Potential Impact
The vulnerability allows an attacker with Contributor-level access or higher to inject malicious content into CSV exports, which can lead to code execution on the local system of a user who opens the exported CSV file with a vulnerable spreadsheet application. There is no direct impact on confidentiality or availability, but integrity is impacted due to possible code execution. No known exploits are reported in the wild.
Mitigation Recommendations
A patch is available for this vulnerability. Users of the Broken Link Notifier plugin should update to the latest version beyond 1.3.0 to remediate this issue. Until patched, restrict Contributor-level access to trusted users and exercise caution when opening CSV files exported from this plugin.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-06-27T18:38:38.615Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 6870cbcaa83201eaacad5c2f
Added to database: 7/11/2025, 8:31:06 AM
Last enriched: 4/9/2026, 10:41:39 AM
Last updated: 5/9/2026, 11:31:01 AM
Views: 258
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.