4 matches found
CVE-2023-3129
The URL Shortify WordPress plugin before 1.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2023-3129
creationtimestamp| type| source
---|---|---
2024-09-19 15:32:04+00:00| exploited| https://t.me/FanatixRipperNews/693
2024-09-19 15:32:04+00:00| published-proof-of-concept| Telegram/M-RM6JUeRS-yLbXH47dffFKYpTJTdkiqAiI6xYlcLmjs7Mv7LQ
2024-09-19 15:32:09+00:00| published-proof-of-concept|...
CVE-2023-3129
The URL Shortify WordPress plugin before 1.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2023-3129
CVE-2023-3129 affects the WordPress plugin URL Shortify (prior to version 1.7.0). The vulnerability arises because the plugin does not sanitize/escape certain settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in ...