161 matches found
CVE-2025-23789
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tahminajannat URL Shortener | Conversion Tracking | AB Testing | WooCommerce easy-broken-link-checker allows Reflected XSS.This issue affects URL Shortener | Conversion Tracking | AB Testing |...
CVE-2025-1362
The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting customers via CSRF attacks...
CVE-2025-1363
The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...
Cross-site Scripting (XSS)
Overview yourls/yourls is an is a set of PHP scripts that allow you to run Your Own URL Shortener. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the callback and jsonp request parameters, which are concatenated into the response without proper sanitization. An...
EUVD-2025-203236
The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘analyticid’ parameter in all versions up to, and including, 3.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...
CVE-2025-10738
The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘analyticid’ parameter in all versions up to, and including, 3.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...
CVE-2025-10738
CVE-2025-10738 concerns the WordPress URL Shortener Plugin for WordPress. The initial description notes an Unauthenticated SQL Injection via the parameter ‘analytic_id’ in all versions up to and including 3.0.7, due to insufficient escaping and preparation of the SQL query. Connected documents (W...
CVE-2025-10738 URL Shortener Plugin For WordPress <= 3.0.7 - Unauthenticated SQL Injection
The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘analyticid’ parameter in all versions up to, and including, 3.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...
CVE-2025-10738 URL Shortener Plugin For WordPress <= 3.0.7 - Unauthenticated SQL Injection
The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘analyticid’ parameter in all versions up to, and including, 3.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...
WordPress plugin URL Shortener Plugin For WordPress SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A SQL...
CVE-2025-10740
The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to unauthorized access to functionality provided by the API due to a missing capability check on the verifyRequest function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, wi...
CVE-2025-10740
CVE-2025-10740 affects the WordPress plugin URL Shortener Plugin For WordPress (versions up to 3.0.7). The vulnerability arises from a missing capability check in verifyRequest, allowing authenticated attackers with Subscriber-level access or higher to access API functionality and modify links. T...
CVE-2025-10740 URL Shortener Plugin For WordPress <= 3.0.7 - Missing Authorization to Authenticated (Subscriber+) Link Manipulation
The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to unauthorized access to functionality provided by the API due to a missing capability check on the verifyRequest function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, wi...
CVE-2025-10740 URL Shortener Plugin For WordPress <= 3.0.7 - Missing Authorization to Authenticated (Subscriber+) Link Manipulation
The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to unauthorized access to functionality provided by the API due to a missing capability check on the verifyRequest function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, wi...
PT-2025-43586
Name of the Vulnerable Software and Affected Versions URL Shortener Plugin For WordPress versions through 3.0.7 Description The URL Shortener Plugin For WordPress plugin is susceptible to unauthorized access to API functionality. A missing capability check within the verifyRequest function allows...
WordPress URL Shortener Plugin For WordPress plugin <= 3.0.7 - Missing Authorization to Authenticated (Subscriber+) Link Manipulation vulnerability
Missing Authorization to Authenticated Subscriber+ Link Manipulation vulnerability discovered by ifoundbug in WordPress Plugin URL Shortener versions = 3.0.7...
CVE-2025-10133
The URLYar URL Shortner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'urlyarshortlink' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
EUVD-2021-0020
Malware in sbrugna...
EUVD-2011-3781
Malware in sbrugna...
EUVD-2025-6116
Malicious code in bioql PyPI...