Lucene search
K

145 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:6 a.m.6 views

CVE-2024-5380

A vulnerability classified as problematic has been found in jsy-1 short-url 1.0.0. Affected is an unknown function of the file admin.php. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.0 is able to address...

5.3CVSS6AI score0.00345EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:46 a.m.8 views

CVE-2023-3130

The Short URL WordPress plugin before 1.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.6AI score0.00497EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:32 a.m.3 views

CVE-2023-1604

The Short URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on the configurationpage function. This makes it possible for unauthenticated attackers to add and import redirects, includi...

4.8CVSS6.5AI score0.00405EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:14 a.m.7 views

CVE-2023-47225

Missing Authorization vulnerability in KaizenCoders Short URL shorten-url allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Short URL: from n/a through = 1.6.8...

5.4CVSS7.3AI score0.00343EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:49 a.m.10 views

CVE-2022-46860

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in KaizenCoders Short URL allows SQL Injection.This issue affects Short URL: from n/a through 1.6.4...

9.8CVSS8.9AI score0.00685EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:10 a.m.5 views

CVE-2010-1061

Multiple directory traversal vulnerabilities in Phpkobo Short URL 1.01, when magicquotesgpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANGCODE parameter to 1 url/app/common.inc.php and 2 codelib/cfg/common.inc.php...

6.8CVSS7.5AI score0.01356EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:5 a.m.13 views

CVE-2024-32138

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in KaizenCoders Short URL allows Reflected XSS.This issue affects Short URL: from n/a through 1.6.8...

7.1CVSS5.2AI score0.00351EPSS
Exploits0References1
NVD
NVD
added 2025/01/02 12:15 p.m.11 views

CVE-2023-47225

Missing Authorization vulnerability in KaizenCoders Short URL shorten-url allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Short URL: from n/a through = 1.6.8...

5.4CVSS0.00343EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/02 12:0 p.m.10 views

CVE-2023-47225 WordPress Short URL plugin <= 1.6.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in KaizenCoders Short URL shorten-url allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Short URL: from n/a through = 1.6.8...

5.4CVSS7.3AI score0.00343EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/02 12:0 p.m.19 views

CVE-2023-47225 WordPress Short URL plugin <= 1.6.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in KaizenCoders Short URL shorten-url allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Short URL: from n/a through = 1.6.8...

5.4CVSS0.00343EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/02 12:0 a.m.3 views

PT-2025-1535 · Kaizencoders · Kaizencoders Short Url

Name of the Vulnerable Software and Affected Versions: KaizenCoders Short URL versions 1.6.8 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions 1.6.8 a...

5.4CVSS9.4AI score0.00343EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/02 12:0 a.m.3 views

WordPress plugin Short URL 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

5.4CVSS8.6AI score0.00343EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/08/17 8:15 a.m.3 views

CVE-2023-1604

The Short URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on the configurationpage function. This makes it possible for unauthenticated attackers to add and import redirects, includi...

4.8CVSS5.8AI score0.00405EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/08/17 7:34 a.m.14 views

CVE-2023-1604 Short URL <= 1.6.8 - Cross-Site Request Forgery via configuration_page

The Short URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on the configurationpage function. This makes it possible for unauthenticated attackers to add and import redirects, includi...

4.7CVSS5.9AI score0.00174EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/17 7:34 a.m.26 views

CVE-2023-1604 Short URL <= 1.6.8 - Cross-Site Request Forgery via configuration_page

The Short URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on the configurationpage function. This makes it possible for unauthenticated attackers to add and import redirects, includi...

4.7CVSS0.00174EPSS
Exploits0References2
NVD
NVD
added 2024/05/26 11:15 p.m.17 views

CVE-2024-5380

A vulnerability classified as problematic has been found in jsy-1 short-url 1.0.0. Affected is an unknown function of the file admin.php. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.0 is able to address...

5.3CVSS3.8AI score0.00345EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/05/26 10:31 p.m.16 views

CVE-2024-5380 jsy-1 short-url admin.php cross site scripting

A vulnerability classified as problematic has been found in jsy-1 short-url 1.0.0. Affected is an unknown function of the file admin.php. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.0 is able to address...

5.3CVSS6.3AI score0.00345EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/05/26 10:31 p.m.30 views

CVE-2024-5380 jsy-1 short-url admin.php cross site scripting

A vulnerability classified as problematic has been found in jsy-1 short-url 1.0.0. Affected is an unknown function of the file admin.php. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.0 is able to address...

5.3CVSS3.8AI score0.00345EPSS
Exploits0References5
CVE
CVE
added 2024/05/26 10:31 p.m.66 views

CVE-2024-5380

The CVE-2024-5380 entry describes a cross-site scripting (XSS) vulnerability in the Short URL system by jsy-1, affecting version 1.0.0. The flaw is located in an unknown function within admin.php where manipulating the url parameter enables remote exploitation. A fix exists in version 2.0.0, via ...

5.3CVSS3.8AI score0.00345EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.11 views

Short URL <= 1.6.8 - Reflected Cross-Site Scripting

Description The Short URL plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.3AI score0.00351EPSS
Exploits0References1
Rows per page
Query Builder