Lucene search
K

80 matches found

CVE
CVE
added 2025/04/04 3:58 p.m.70 views

CVE-2025-32134

Technical details for CVE-2025-32134 are not provided in the Connected Documents. No affected product/version, exploit info, or remediation is listed here; monitor for updates from official advisories.

5.9CVSS7.2AI score0.00358EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/04 3:58 p.m.25 views

CVE-2025-32134 WordPress URL Shortify Plugin <= 1.10.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in KaizenCoders URL Shortify url-shortify allows Stored XSS.This issue affects URL Shortify: from n/a through = 1.10.5.1...

5.9CVSS0.00358EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/04/04 1:21 p.m.8 views

WordPress URL Shortify Plugin <= 1.10.5.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Malvin Valerian Gultom in WordPress Plugin URL Shortify versions = 1.10.5.1...

5.9CVSS7AI score0.00358EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/04/04 12:0 a.m.2 views

WordPress plugin URL Shortify 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

5.9CVSS6.3AI score0.00358EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/11/07 12:0 a.m.19 views

WordPress URL Shortify Plugin < 1.7.9.1 is vulnerable to Cross Site Scripting (XSS)

Software URL Shortify Type Plugin Vulnerable versions 1.7.9.1 Fixed in 1.7.9.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5605 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 32b31c65bd12 Credits Bartlomiej Marek and Toma...

4.8CVSS6AI score0.00408EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2023/11/06 9:15 p.m.5 views

CVE-2023-5605

The URL Shortify WordPress plugin before 1.7.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00408EPSS
Exploits2References1
NVD
NVD
added 2023/11/06 9:15 p.m.31 views

CVE-2023-5605

The URL Shortify WordPress plugin before 1.7.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00408EPSS
Exploits2References1
Prion
Prion
added 2023/11/06 9:15 p.m.20 views

Cross site scripting

The URL Shortify WordPress plugin before 1.7.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS5.8AI score0.00408EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/11/06 8:42 p.m.52 views

CVE-2023-5605

CVE-2023-5605 affects the WordPress plugin URL Shortify prior to version 1.7.9.1. The issue is due to insufficient sanitization/escaping of certain plugin settings, enabling Stored Cross-Site Scripting (XSS) by high-privilege users (e.g., admins), including in multisite setups where unfiltered_ht...

4.8CVSS4.9AI score0.00408EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/11/06 8:42 p.m.32 views

CVE-2023-5605 URL Shortify < 1.7.9.1 - Admin+ Stored XSS

The URL Shortify WordPress plugin before 1.7.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00408EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/11/06 12:0 a.m.8 views

PT-2023-32208 · WordPress · Url Shortify

Name of the Vulnerable Software and Affected Versions: URL Shortify WordPress plugin versions prior to 1.7.9.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, i...

4.8CVSS5.3AI score0.00408EPSS
Exploits2References4
WPVulnDB
WPVulnDB
added 2023/10/16 12:0 a.m.18 views

URL Shortify < 1.7.9.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Multiple parameters in the plugin'...

4.8CVSS4.9AI score0.00408EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/10/16 12:0 a.m.150 views

URL Shortify < 1.7.9.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Multiple parameters in the plugin's...

4.8CVSS5AI score0.00408EPSS
Exploits2
OSV
OSV
added 2023/09/11 8:15 p.m.2 views

CVE-2023-4294

The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link...

6.1CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2023/09/11 8:15 p.m.25 views

CVE-2023-4294

The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link...

6.1CVSS6.3AI score0.00735EPSS
Exploits2References1
Prion
Prion
added 2023/09/11 8:15 p.m.19 views

Design/Logic Flaw

The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link...

5.8CVSS6.4AI score0.00735EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/11 7:46 p.m.6 views

CVE-2023-4294 URL Shortify < 1.7.6 - Unauthenticated Stored XSS via referer header

The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link...

6.3AI score0.00735EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/09/11 7:46 p.m.26 views

CVE-2023-4294 URL Shortify < 1.7.6 - Unauthenticated Stored XSS via referer header

The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link...

6.5AI score0.00735EPSS
Exploits2References1
CVE
CVE
added 2023/09/11 7:46 p.m.47 views

CVE-2023-4294

The CVE-2023-4294 entry concerns the URL Shortify WordPress plugin prior to version 1.7.6. Root cause: the referer header value is not properly escaped, enabling an unauthenticated user to inject malicious JavaScript that triggers in the plugin’s admin panel displaying created short-link statisti...

6.1CVSS6.4AI score0.00735EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/09/11 12:0 a.m.4 views

WordPress plugin URL Shortify Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

6.1CVSS6.2AI score0.00735EPSS
Exploits2References2
Rows per page
Query Builder