Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links Security & Risk Analysis

wordpress.org/plugins/broken-link-checker-seo

Broken Link Checker by AIOSEO ensures all links on your website are working. Check your site for broken links and easily fix them to improve SEO.

300K active installs v1.2.10 PHP 5.6+ WP 5.7+ Updated Mar 7, 2026

broken-linkscheck-linksexternal-linkinternal-linkseo

A · Safe

CVEs total3

Unpatched0

Last CVEDec 9, 2025

Plugin page Download

Safety Verdict

Is Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links Safe to Use in 2026?

Generally Safe

Score 96/100

Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Dec 9, 2025Updated 27d ago

Risk Assessment

The "broken-link-checker-seo" plugin v1.2.10 exhibits a mixed security posture. On the positive side, it has a small attack surface with only two AJAX entry points, neither of which are unprotected. The code analysis reveals strong adherence to security best practices in many areas, with a high percentage of SQL queries using prepared statements and a near-perfect output escaping rate. Nonce checks and capability checks are also present for its entry points. However, the presence of two instances of the `unserialize()` function is a significant concern, as this can be a vector for Remote Code Execution (RCE) if data passed to it is not rigorously validated and sanitized. Furthermore, while there are no currently unpatched vulnerabilities, the plugin has a history of three medium-severity CVEs, specifically related to SQL Injection and Missing Authorization. This history suggests a pattern of past security weaknesses that, while addressed, warrant ongoing vigilance.

Key Concerns

Use of unserialize() function
Previous medium severity CVEs found

Vulnerabilities

Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links Security Vulnerabilities

CVEs by Year

3 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

3 total CVEs

CVE-2025-67962medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Broken Link Checker <= 1.2.6 - Authenticated (Author+) SQL Injection

Dec 9, 2025 Patched in 1.2.7 (11d)

CVE-2025-11734medium · 5.4Missing Authorization

Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links <= 1.2.5 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Trashing

Nov 17, 2025 Patched in 1.2.6 (1d)

CVE-2025-1264medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Broken Link Checker by AIOSEO <= 1.2.3 - Authenticated (Contributor+) SQL Injection

Apr 5, 2025 Patched in 1.2.4 (1d)

Code Analysis

Analyzed Mar 16, 2026

Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links Code Analysis

Dangerous Functions

Raw SQL Queries

25 prepared

Unescaped Output

130 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize? @unserialize( $string )app\Utils\Helpers.php:345

unserialize: @unserialize( $string, [ 'allowed_classes' => false ] ); // phpcs:disable PHPCompatibility.Functioapp\Utils\Helpers.php:346

SQL Query Safety

78% prepared32 total queries

Output Escaping

97% escaped134 total outputs

Attack Surface

Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_aioseo-blc-dismiss-not-connectedapp\Admin\Notices\NotConnected.php:21

authwp_ajax_aioseo-blc-dismiss-review-plugin-ctaapp\Admin\Notices\Review.php:21

WordPress Hooks 50

actionadmin_noticesaioseo-broken-link-checker.php:53

actionadmin_noticesaioseo-broken-link-checker.php:62

actionadmin_menuapp\Admin\Admin.php:84

actionadmin_menuapp\Admin\Admin.php:85

actionadmin_menuapp\Admin\Admin.php:86

filterlanguage_attributesapp\Admin\Admin.php:87

filterplugin_row_metaapp\Admin\Admin.php:89

actionadmin_footerapp\Admin\Admin.php:92

actionadmin_enqueue_scriptsapp\Admin\Admin.php:360

filteradmin_footer_textapp\Admin\Admin.php:361

actionwp_dashboard_setupapp\Admin\Dashboard.php:21

actioninitapp\Admin\License.php:61

actionadmin_footerapp\Admin\Notices\NotConnected.php:53

actionadmin_footerapp\Admin\Notices\Review.php:68

actionadmin_initapp\Admin\Notifications.php:60

actioninitapp\Admin\Notifications.php:67

actionadmin_noticesapp\Admin\Notifications.php:68

filterrest_allowed_cors_headersapp\Api\Api.php:75

actionrest_api_initapp\Api\Api.php:76

filterwp_insert_post_dataapp\Api\CommonTableActions.php:250

filterhttps_ssl_verifyapp\BrokenLinkChecker.php:304

actioninitapp\BrokenLinkChecker.php:342

filterscript_loader_tagapp\Core\Assets.php:114

actionadmin_headapp\Core\Assets.php:188

actionwp_headapp\Core\Assets.php:191

actionadmin_print_footer_scriptsapp\Core\Assets.php:195

actioninitapp\Core\Cache.php:57

actioninitapp\Emails\ConnectReminder.php:32

actioninitapp\Emails\ConnectReminderSecond.php:32

actioninitapp\Emails\Emails.php:39

actionadmin_initapp\Links\Links.php:55

actionsave_postapp\Links\Links.php:58

actionshutdownapp\Links\Links.php:59

actionadmin_initapp\LinkStatus\LinkStatus.php:53

filterthe_contentapp\Main\Main.php:69

actionadmin_enqueue_scriptsapp\Main\Main.php:71

actionadmin_footerapp\Main\Main.php:72

actioninitapp\Main\Updates.php:27

actioninitapp\Main\Updates.php:28

actionshutdownapp\Options\InternalOptions.php:76

actionshutdownapp\Options\Options.php:64

actioninitapp\Standalone\Highlighter.php:21

actionwp_enqueue_scriptsapp\Standalone\Highlighter.php:44

actionadmin_initapp\Standalone\SetupWizard.php:25

actionadmin_initapp\Standalone\SetupWizard.php:26

actionadmin_menuapp\Standalone\SetupWizard.php:27

actionadmin_headapp\Standalone\SetupWizard.php:28

actionaction_scheduler_after_executeapp\Utils\ActionScheduler.php:30

actionplugins_loadedapp\Utils\ActionScheduler.php:31

actionaction_scheduler/created_tableapp\Utils\ActionScheduler.php:75

Maintenance & Trust

Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 7, 2026

PHP min version5.6

Downloads2.1M

Community Trust

Rating78/100

Number of ratings74

Active installs300K

Alternatives

Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links Alternatives

Broken Link Checker

broken-link-checker

Broken Link Checker helps you catch broken links & images fast, before they hurt your SEO or UX. Scan and bulk-fix issues from one easy dashboard.

500K 11 CVEs

External Links Overview

external-links-overview

100

Analyze, manage, and monitor all external links on your WordPress site. ---

700 No CVEs

LinkMaster – Link Management, SEO, Broken Links & Redirects

linkmaster

100

LinkMaster: Manage links with custom permalinks, SEO redirects, link cloaking, auto link injection and a broken link checker for WordPress.

200 No CVEs

anyLink

anylink

AnyLink is a Wordpress plugin which allow you to customise you external link like an internal one.

100 No CVEs

Link Diagnostics – Broken Links, Redirects, and Link Insights

link-diagnostic-and-insights

100

Complete link health monitoring for WordPress. Find broken links, fix redirect chains, optimize internal linking, and improve SEO performance.

30 No CVEs

Developer Profile

Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links Developer Profile

AIOSEO Plugin Team

2 plugins · 300K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

4 days

View full developer profile

Detection Fingerprints

How We Detect Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/broken-link-checker-seo/dist/app.css/wp-content/plugins/broken-link-checker-seo/dist/app.js

Script Paths

/wp-content/plugins/broken-link-checker-seo/dist/app.js

Version Parameters

broken-link-checker-seo/dist/app.css?ver=broken-link-checker-seo/dist/app.js?ver=

HTML / DOM Fingerprints

CSS Classes

aioseo-broken-link-checker-app

Data Attributes

data-component="broken-link-checker-app"

JS Globals

window.aioseoBrokenLinkCheckerSettings

FAQ