3 matches found
CVE-2025-6064
The WP URL Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the 'urlshortenersettings' page. This makes it possible for unauthenticated attackers to update settings and...
CVE-2025-6064
CVE-2025-6064 affects the WP URL Shortener WordPress plugin (versions ≤ 1.2). Root cause: missing/incorrect nonce validation on the url_shortener_settings page enabling CSRF. Exploitation: unauthenticated attackers could forge requests to update settings and inject scripts if a site admin is tric...
CVE-2025-6064 WP URL Shortener <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The WP URL Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the 'urlshortenersettings' page. This makes it possible for unauthenticated attackers to update settings and...