Lucene search
K

URL Shortify <= 1.12.1 - Open Redirect

🗓️ 06 Jul 2026 03:02:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 9 Views

WordPress URL Shortify up to version 1.12.1 has an open redirect via the redirect_to param for unauthenticated users.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-1277
18 Feb 202604:35
attackerkb
Circl
CVE-2026-1277
16 Mar 202618:31
circl
CNNVD
WordPress plugin URL Shortify 输入验证错误漏洞
18 Feb 202600:00
cnnvd
CVE
CVE-2026-1277
18 Feb 202604:35
cve
Cvelist
CVE-2026-1277 URL Shortify <= 1.12.1 - Unauthenticated Open Redirect via 'redirect_to' Parameter
18 Feb 202604:35
cvelist
NVD
CVE-2026-1277
18 Feb 202605:16
nvd
Patchstack
WordPress URL Shortify plugin <= 1.12.1 - Unauthenticated Open Redirect via 'redirect_to' Parameter vulnerability
17 Feb 202623:22
patchstack
Positive Technologies
PT-2026-20273
18 Feb 202600:00
ptsecurity
RedhatCVE
CVE-2026-1277
19 Feb 202607:28
redhatcve
VulnCheck KEV
VulnCheck KEV: CVE-2026-1277
2 Apr 202600:00
vulncheck_kev
Rows per page
id: CVE-2026-1277

info:
  name: URL Shortify <= 1.12.1 - Open Redirect
  author: Shivam Kamboj
  severity: medium
  description: |
    The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirect_to' parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites via a crafted link.
  impact: |
    Unauthenticated attackers can redirect users to malicious sites, facilitating phishing or malware distribution.
  remediation: |
    Update to the latest version beyond 1.12.1.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/url-shortify/url-shortify-1121-unauthenticated-open-redirect-via-redirect-to-parameter
    - https://nvd.nist.gov/vuln/detail/CVE-2026-1277
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
    cvss-score: 4.7
    cve-id: CVE-2026-1277
    epss-score: 0.00592
    epss-percentile: 0.44045
    cwe-id: CWE-601
  metadata:
    verified: true
    max-request: 2
    publicwww-query: "/plugins/url-shortify/"
  tags: cve,cve2026,wordpress,wp,wp-plugin,redirect,url-shortify,unauth,vkev

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=heartbeat&kc_us_dismiss_admin_notice=1&option_name=bfcm_2025_offer&redirect_to=https://interact.sh"
      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=heartbeat&kc_us_dismiss_admin_notice=1&option_name=welcome_offer&redirect_to=https://interact.sh"

    stop-at-first-match: true

    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
# digest: 4a0a00473045022100e8378a6334b829ac55b5144341c8360d0971979915449e54977460294af48de1022003cd91ae60abb4e7d51ece4e9acbdf5c1fc37128c82058e1fd46d14e7482416e:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

16 Mar 2026 18:31Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.14.7
EPSS0.00592
SSVC
9