Lucene search
+L

216 matches found

ossf
ossf
added 2026/07/01 8:48 p.m.9 views

Malicious code in svgcraft-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3863ea8f67c7365031b5ffb43aaa2721062669b49be8157e1dd32ce19dce511f src/index.cjs exports getPlugin, which returns a function that performs an HTTPS GET to a hardcoded URL 'https://api.avax-test.dev/ext/bc/C/rpc' with...

6.4AI score
Exploits0References6
osv
osv
added 2026/07/01 6:35 p.m.8 views

MAL-2026-6707 Malicious code in svgson-lite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ceb1026a96918a3f4ed4c7c4f0aa75411c3869f1ad14405174e396b4e67907d2 index.js exports an undocumented getPlugin function which, when invoked, performs an HTTP GET to https://shorturl.at/147uq, JSON-parses the response...

6.4AI score
Exploits0References8
osv
osv
added 2026/07/01 6:16 p.m.5 views

CVE-2026-58520

URL redirection to untrusted site 'open redirect' vulnerability in The Wikimedia Foundation Mediawiki - UrlShortener Extension allows Cross-Site Flashing. This issue affects Mediawiki - UrlShortener Extension: from before 1.43.9, 1.44.6, 1.45.4...

6.1CVSS6AI score
Exploits0References2
euvd
euvd
added 2026/07/01 5:14 p.m.8 views

EUVD-2026-41099

URL redirection to untrusted site 'open redirect' vulnerability in The Wikimedia Foundation Mediawiki - UrlShortener Extension allows Cross-Site Flashing. This issue affects Mediawiki - UrlShortener Extension: from before 1.43.9, 1.44.6, 1.45.4...

6.9CVSS5.6AI score0.00176EPSS
Exploits0References2
cve
cve
added 2026/07/01 2:29 p.m.18 views

CVE-2026-13706

The CVE-2026-13706 entry concerns Wikimedia Foundation UrlShortener with an improper input validation issue in the UrlShortenerUtils.Php component. According to the NVD entry, the flaw yields a HIGH-severity impact across confidentiality, integrity, and availability (C:H/I:H/A:H) with network att...

8.8CVSS5.8AI score0.00328EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.8 views

PT-2026-54634

Name of the Vulnerable Software and Affected Versions Wikimedia Foundation UrlShortener affected versions not specified Description Improper input validation occurs within the includes/UrlShortenerUtils.Php file. Input validation is the process of ensuring that a program operates on clean, correc...

8.8CVSS6.1AI score0.00328EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.9 views

PT-2026-54919

Name of the Vulnerable Software and Affected Versions Mediawiki - UrlShortener Extension versions prior to 1.43.9 Mediawiki - UrlShortener Extension version 1.44.6 Mediawiki - UrlShortener Extension version 1.45.4 Description An open redirect issue exists which allows URL redirection to untrusted...

6.9CVSS5.8AI score0.00176EPSS
Exploits0References7
cvelist
cvelist
added 2026/02/18 4:35 a.m.29 views

CVE-2026-1277 URL Shortify <= 1.12.1 - Unauthenticated Open Redirect via 'redirect_to' Parameter

The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirectto' parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect users to potentiall...

4.7CVSS0.00592EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/01/09 8:47 a.m.8 views

CVE-2025-23789

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tahminajannat URL Shortener | Conversion Tracking | AB Testing | WooCommerce easy-broken-link-checker allows Reflected XSS.This issue affects URL Shortener | Conversion Tracking | AB Testing |...

7.1CVSS7.2AI score0.00241EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/07 9:55 a.m.20 views

CVE-2025-1362

The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting customers via CSRF attacks...

4.3CVSS7AI score0.00156EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/07 9:54 a.m.21 views

CVE-2025-1363

The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

3.5CVSS5.8AI score0.00296EPSS
Exploits1References1
patchstack
patchstack
added 2025/12/31 12:0 a.m.10 views

WordPress ClickWhale - Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin <= 2.4.1 - Reflected Cross-Site Scripting vulnerability

WordPress ClickWhale - Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin = 2.4.1 - Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin ClickWhale versions = 2.4.1...

6.1CVSS5.3AI score0.00345EPSS
Exploits0References1Affected Software1
snyk
snyk
added 2025/12/30 7:34 p.m.4 views

Cross-site Scripting (XSS)

Overview yourls/yourls is an is a set of PHP scripts that allow you to run Your Own URL Shortener. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the callback and jsonp request parameters, which are concatenated into the response without proper sanitization. An...

6.1CVSS5.3AI score
Exploits0References2
patchstack
patchstack
added 2025/12/16 5:45 p.m.8 views

WordPress URL Shortener Plugin For WordPress plugin <= 3.0.7 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by ifoundbug in WordPress Plugin URL Shortener versions = 3.0.7...

9.8CVSS7.8AI score0.0036EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2025/12/13 6:30 p.m.6 views

EUVD-2025-203236

The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘analyticid’ parameter in all versions up to, and including, 3.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

9.8CVSS6.3AI score0.0036EPSS
Exploits0References4
nvd
nvd
added 2025/12/13 4:16 p.m.5 views

CVE-2025-10738

The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘analyticid’ parameter in all versions up to, and including, 3.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

9.8CVSS0.0036EPSS
Exploits0References3
cvelist
cvelist
added 2025/12/13 6:33 a.m.36 views

CVE-2025-10738 URL Shortener Plugin For WordPress <= 3.0.7 - Unauthenticated SQL Injection

The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘analyticid’ parameter in all versions up to, and including, 3.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

9.8CVSS0.0036EPSS
Exploits0References3
cve
cve
added 2025/12/13 6:33 a.m.21 views

CVE-2025-10738

CVE-2025-10738 concerns the WordPress URL Shortener Plugin for WordPress. The initial description notes an Unauthenticated SQL Injection via the parameter ‘analytic_id’ in all versions up to and including 3.0.7, due to insufficient escaping and preparation of the SQL query. Connected documents (W...

9.8CVSS6.3AI score0.0036EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/12/13 6:33 a.m.5 views

CVE-2025-10738 URL Shortener Plugin For WordPress <= 3.0.7 - Unauthenticated SQL Injection

The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘analyticid’ parameter in all versions up to, and including, 3.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

9.8CVSS6.3AI score0.0036EPSS
Exploits0References3
cnnvd
cnnvd
added 2025/12/13 12:0 a.m.6 views

WordPress plugin URL Shortener Plugin For WordPress SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A SQL...

9.8CVSS7.5AI score0.0036EPSS
Exploits0References4
Rows per page
Query Builder