WordPress URL Shortify plugin <= 1.12.3 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Jitlada in WordPress Plugin URL Shortify versions = 1.12.3...

CVE-2026-1277

The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirectto' parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect users to potentiall...

PT-2026-20273

Name of the Vulnerable Software and Affected Versions URL Shortify plugin for WordPress versions prior to 1.12.2 Description The URL Shortify plugin for WordPress is susceptible to an Open Redirect issue in all versions up to and including 1.12.1. This is due to inadequate validation of the...

WordPress URL Shortify plugin <= 1.12.1 - Unauthenticated Open Redirect via 'redirect_to' Parameter vulnerability

Unauthenticated Open Redirect via 'redirectto' Parameter vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin URL Shortify versions = 1.12.1...

CVE-2023-4294

The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link...

EUVD-2025-203338

The URL Shortify WordPress plugin before 1.11.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2025-13355

The URL Shortify WordPress plugin before 1.11.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress plugin URL Shortify 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security...

EUVD-2023-43814

Malicious code in bioql PyPI...

EUVD-2023-57898

Malicious code in bioql PyPI...

CVE-2023-5605

The URL Shortify WordPress plugin before 1.7.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-32134

Technical details for CVE-2025-32134 are not provided in the Connected Documents. No affected product/version, exploit info, or remediation is listed here; monitor for updates from official advisories.

CVE-2023-5605

The URL Shortify WordPress plugin before 1.7.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

URL Shortify < 1.7.9.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Multiple parameters in the plugin'...

CVE-2023-3129

The URL Shortify WordPress plugin before 1.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

URL Shortify < 1.7.0 - Admin+ Cross Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Navigate to "URL Shortify Settings Links"...

CVE-2021-24749

The URL Shortify WordPress plugin before 1.5.1 does not have CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged in admin delete arbitrary link and group via a CSRF attack...

URL Shortify < 1.5.1 - Arbitrary Link/Group Deletion via CSRF

The plugin does not have CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged in admin delete arbitrary link and group via a CSRF attack. PoC https://example.com/wp-admin/admin.php?page=uslinks=bulkdeleteids=1...