Broken Link Checker Plugin

check – Broken Link Checker-plugin on mbsrtraining.com, please

Security Report: Broken Link Checker Plugin

Status: High Risk / Potential Entry Point

Action Required: Delete Immediately

You asked to check the “Broken Link Checker” plugin on mbsrtraining.com. While I cannot log into your dashboard to see the specific version you are running, this plugin is a prime suspect for security breaches and performance issues.

Here is why this plugin is likely contributing to your current problems (SEO Spam hack):

1. Critical Vulnerabilities Found (2024-2025)

There are two major versions of this plugin, and both have had serious security flaws recently. If you had an older version installed, it could have been the “open door” hackers used.

  • Scenario A: You use the “Classic” Broken Link Checker (by WPMU DEV)

    • The Flaw: In September 2024, a “Reflected Cross-Site Scripting” (XSS) vulnerability was found (CVE-2024-8981).

    • How it works: An attacker tricks an administrator (you) into clicking a malicious link. The script in that link then runs in your browser with your administrator session, which lets the attacker act as you and effectively take over the site to inject spam.

    • Status: Fixed in version 2.4.1. If you were running anything older than that in late 2024, you were vulnerable.

  • Scenario B: You use “Broken Link Checker by AIOSEO”

    • The Flaw: In December 2025 (very recently), a critical “SQL Injection” vulnerability was reported in certain versions.

    • How it works: This allows attackers to directly interfere with your website’s database—perfect for injecting the “hidden links” found in your footer.

2. It “Hammers” Your Server

Even if the plugin were perfectly secure, it is widely considered “bad practice” to leave it active on a live site.

  • The Issue: It constantly scans your database and external websites.

  • The Result: It uses massive amounts of server resources (CPU/RAM). This slows down your site for students and can cause your hosting provider (Hostinger/others) to throttle or suspend your site.

  • Many hosting companies (like WP Engine) actually BAN this plugin because it causes so many crashes.

3. Connection to Your “Footer Spam” Hack

Your website is currently displaying hidden links to gambling sites (sumatra4dchat).

  • The Connection: “Broken Link Checker” plugins interact directly with your database tables to edit links. A vulnerability here is the perfect tool for a hacker to mass-edit your site’s links to point to their spam sites instead.

Recommendation

  1. Deactivate and Delete the “Broken Link Checker” plugin immediately.

  2. Alternative: If you need to check for broken links in the future, use a free external tool (like Dr. Link Check or Dead Link Checker) that scans your site from the outside. Do not use a plugin that runs inside your WordPress site for this task.

  3. Clean Up: After deleting it, you still need to remove the spam links manually (or restore from a backup made before the hack occurred).
