Broken Link Notifier Security & Risk Analysis

wordpress.org/plugins/broken-link-notifier

Get notifications when a visitor loads a page with broken links

1K active installs · v1.3.7.2 · PHP 7.4+ · WP 5.9+ · Updated Mar 12, 2026
Tags: broken, checker, link, links, notify
95
A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Jan 29, 2026
Safety Verdict

Is Broken Link Notifier Safe to Use in 2026?

Generally Safe

Score 95/100

Broken Link Notifier has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jan 29, 2026 · Updated 22d ago
Risk Assessment

The "broken-link-notifier" v1.3.7.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices in several areas, including a high percentage of properly escaped output and the use of prepared statements for a majority of its SQL queries. The absence of a broad attack surface through AJAX handlers, REST API routes, shortcodes, and cron events is also a strength. However, the presence of the `unserialize` function is a significant concern, as it is inherently risky and a common vector for remote code execution if not handled with extreme care and proper input validation, which is not explicitly detailed here. Furthermore, the plugin's vulnerability history, with three past CVEs including a high-severity one for SSRF and missing authorization, suggests a pattern of past security weaknesses. While there are currently no unpatched vulnerabilities, the historical context and the presence of `unserialize` warrant caution. The taint analysis showing flows with unsanitized paths, particularly those tagged as high severity, directly correlates with potential security risks that need to be thoroughly investigated and mitigated.

Key Concerns

  • Presence of unserialize function
  • High severity taint flows (4)
  • Flows with unsanitized paths (7)
  • Past high severity vulnerability history
  • Past medium severity vulnerability history (2)
  • File operations detected
  • External HTTP requests detected
Vulnerabilities
3

Broken Link Notifier Security Vulnerabilities

CVEs by Year

2025: 2 CVEs
2026: 1 CVE

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2026-25408 · medium · 5.3 · Missing Authorization

Broken Link Notifier <= 1.3.5 - Missing Authorization

Jan 29, 2026 · Patched in 1.3.6 (37d)

CVE-2025-6851 · high · 7.2 · Server-Side Request Forgery (SSRF)

Broken Link Notifier <= 1.3.0 - Unauthenticated Server-Side Request Forgery

Jul 10, 2025 · Patched in 1.3.1 (1d)

CVE-2025-6838 · medium · 4.1 · Improper Neutralization of Formula Elements in a CSV File

Broken Link Notifier <= 1.3.0 - Authenticated (Contributor+) CSV Injection

Jul 10, 2025 · Patched in 1.3.1 (1d)
Code Analysis
Analyzed Mar 16, 2026

Broken Link Notifier Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 6 (18 prepared)
  • Unescaped Output: 32 (419 escaped)
  • Nonce Checks: 15
  • Capability Checks: 3
  • File Operations: 1
  • External Requests: 4
  • Bundled Libraries: 0

Dangerous Functions Found

`unserialize` · includes\helpers.php:561
`$returned_object = unserialize( wp_remote_retrieve_body( $response ) );`

SQL Query Safety

75% prepared · 24 total queries

Output Escaping

93% escaped · 451 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

14 flows · 7 with unsanitized paths
check_link (includes\helpers.php:1556)
Attack Surface

Broken Link Notifier Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks 34
action · admin_init · broken-link-notifier.php:55
action · admin_notices · broken-link-notifier.php:58
filter · blnotifier_link_before_prechecks · includes\example-hook.php:10
action · admin_init · includes\export.php:38
filter · blnotifier_link_before_prechecks · includes\integrations.php:30
action · admin_init · includes\loader.php:41
filter · plugin_row_meta · includes\loader.php:57
action · init · includes\menu.php:16
action · admin_menu · includes\menu.php:78
action · admin_init · includes\menu.php:81
filter · parent_file · includes\menu.php:84
action · admin_init · includes\menu.php:87
action · admin_enqueue_scripts · includes\menu.php:90
action · init · includes\omits.php:15
action · admin_notices · includes\omits.php:65
action · admin_head · includes\omits.php:68
action · admin_enqueue_scripts · includes\omits.php:82
action · init · includes\results.php:16
action · load-edit.php · includes\results.php:68
action · load-edit-tags.php · includes\results.php:69
action · admin_bar_menu · includes\results.php:72
action · wp_mail_failed · includes\results.php:75
action · wp_enqueue_scripts · includes\results.php:86
action · admin_enqueue_scripts · includes\results.php:87
action · all_admin_notices · includes\results.php:104
action · init · includes\scan-multi.php:15
action · admin_head-edit.php · includes\scan-multi.php:31
action · post_row_actions · includes\scan-multi.php:34
action · page_row_actions · includes\scan-multi.php:35
action · admin_head · includes\scan-multi.php:44
filter · wp_redirect · includes\scan-multi.php:210
filter · wp_safe_redirect · includes\scan-multi.php:211
action · init · includes\scan.php:15
action · admin_enqueue_scripts · includes\scan.php:50
Maintenance & Trust

Broken Link Notifier Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 12, 2026
PHP min version: 7.4
Downloads: 28K

Community Trust

Rating: 96/100
Number of ratings: 14
Active installs: 1K
Developer Profile

Broken Link Notifier Developer Profile

PluginRx

12 plugins · 2K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 10 days
Detection Fingerprints

How We Detect Broken Link Notifier

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/broken-link-notifier/includes/css/admin.css
/wp-content/plugins/broken-link-notifier/includes/js/admin.js
/wp-content/plugins/broken-link-notifier/includes/js/tinymce.js
Version Parameters
broken-link-notifier/includes/css/admin.css?ver=
broken-link-notifier/includes/js/admin.js?ver=
broken-link-notifier/includes/js/tinymce.js?ver=

HTML / DOM Fingerprints

CSS Classes
blnotifier-admin-wrap
Data Attributes
data-blnotifier-scan-url
JS Globals
blnotifier_admin_vars
FAQ

Frequently Asked Questions about Broken Link Notifier