URL Shortify <= 1.12.1 - Open Redirect

The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirectto' parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect users to potentiall...

WordPress URL Shortify – Simple and Easy URL Shortener plugin <= 1.10.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin URL Shortify versions = 1.10.4...

CVE-2026-25385

Server-Side Request Forgery SSRF vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery.This issue affects URL Shortify: from n/a through = 1.12.3...

CVE-2026-25385 WordPress URL Shortify plugin <= 1.12.3 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery.This issue affects URL Shortify: from n/a through = 1.12.3...

CVE-2026-25385 WordPress URL Shortify plugin <= 1.12.3 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery.This issue affects URL Shortify: from n/a through = 1.12.3...

CVE-2026-25385

Server-Side Request Forgery SSRF vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery.This issue affects URL Shortify: from n/a through = 1.12.3...

CVE-2026-25385

Summary (CVE-2026-25385): A Server-Side Request Forgery (SSRF) vulnerability exists in the WordPress plugin URL Shortify (KaizenCoders) for versions from the initial release up to and including 1.12.3. Public sources in the Connected documents corroborate the SSRF issue and indicate the vulnerabi...

PT-2026-20719

Server-Side Request Forgery SSRF vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery.This issue affects URL Shortify: from n/a through = 1.12.3...

CVE-2026-1277 URL Shortify <= 1.12.1 - Unauthenticated Open Redirect via 'redirect_to' Parameter

The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirectto' parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect users to potentiall...

WordPress plugin URL Shortify 输入验证错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress URL Shortify plugin <= 1.11.3 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Gregory Allegoet in WordPress Plugin URL Shortify versions = 1.11.3...

WordPress URL Shortify plugin <= 1.11.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Nguyễn Đức Toàn in WordPress Plugin URL Shortify versions = 1.11.2...

CVE-2025-12684

The URL Shortify WordPress plugin before 1.11.3 does not sanitize and escape a parameter before outputting it back in the page, leading to a reflected cross site scripting, which could be used against high-privilege users such as admins...

EUVD-2025-203339

The URL Shortify WordPress plugin before 1.11.3 does not sanitize and escape a parameter before outputting it back in the page, leading to a reflected cross site scripting, which could be used against high-privilege users such as admins...

CVE-2025-13355

The URL Shortify WordPress plugin before 1.11.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2025-12684

The URL Shortify WordPress plugin before 1.11.3 does not sanitize and escape a parameter before outputting it back in the page, leading to a reflected cross site scripting, which could be used against high-privilege users such as admins...

CVE-2025-13355 URL Shortify < 1.11.4 - Reflected XSS

The URL Shortify WordPress plugin before 1.11.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2025-13355

CVE-2025-13355 concerns the WordPress URL Shortify plugin prior to 1.11.4. Multiple sources confirm a reflected cross‑site scripting (XSS) vulnerability where an unsanitized parameter is echoed back on the page, potentially affecting high‑privilege users (e.g., admins). The CVSS 3.1 base score is...

CVE-2025-12684 URL Shortify < 1.11.3 - Reflected XSS

The URL Shortify WordPress plugin before 1.11.3 does not sanitize and escape a parameter before outputting it back in the page, leading to a reflected cross site scripting, which could be used against high-privilege users such as admins...

CVE-2025-12684

CVE-2025-12684 : The WordPress Plugin URL Shortify is vulnerable in versions before 1.11.3 due to failure to sanitize and escape a parameter before reflecting it on the page, causing a reflected cross-site scripting (XSS). Exploitation could target high-privilege users (e.g., admins). Impact per ...