2 matches found
CVE-2023-1604
The Short URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on the configurationpage function. This makes it possible for unauthenticated attackers to add and import redirects, includi...
CVE-2023-1604 Short URL <= 1.6.8 - Cross-Site Request Forgery via configuration_page
The Short URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on the configurationpage function. This makes it possible for unauthenticated attackers to add and import redirects, includi...