62 matches found
PT-2026-5097
The Change WP URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'change-wp-url' page. This makes it possible for unauthenticated attackers to change the WP Login URL via a...
CVE-2023-45058
Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Short URL plugin <= 1.6.8 versions...
CVE-2025-23688
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in editionskezzal Cobwebo URL Plugin cobwebo-url allows Reflected XSS. This issue affects Cobwebo URL Plugin: from n/a through <= 1.0...
EUVD-2025-5692
Malicious code in bioql PyPI...
EUVD-2023-49379
Malicious code in bioql PyPI...
EUVD-2023-23836
Malicious code in bioql PyPI...
WordPress Featured Image from URL (FIFU) plugin <= 5.2.7 - Missing Authorization to Password Protected Post Disclosure vulnerability
Missing Authorization to Password Protected Post Disclosure vulnerability discovered by ifoundbug in WordPress Plugin Featured Image from URL versions <= 5.2.7...
CVE-2025-48102
CVE-2025-48102 describes a stored XSS in the WordPress plugin GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership versions up to 1.6.6. The vulnerability arises from improper neutralization of input during web page generation, enabling stored cross-site scripting. Public sources in conne...
CVE-2023-2921 Short URL <= 1.6.8 - Subscriber+ SQLi
The Short URL WordPress plugin through 1.6.8 does not properly sanitise and escape a parameter before using it in SQL statement, leading to a SQL injection exploitable by users with relatively low privilege on the site, like subscribers...
CVE-2023-2921
The CVE-2023-2921 entry concerns the WordPress Short URL plugin (versions ≤ 1.6.8). A parameter is not properly sanitised/escaped before its use in an SQL statement, enabling SQL injection. Impact is stated as exploitable by users with low privileges (e.g., subscribers). Affected component is the...
PT-2025-24017 · WordPress · Short Url Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Short URL WordPress plugin versions 1.6.8 and earlier. Description: The issue is related to a SQL injection problem. The Short URL WordPress plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading t...
WordPress plugin Short URL security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2023-2009
Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2023-1604
The Short URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on the configurationpage function. This makes it possible for unauthenticated attackers to add and import redirects, includi...
CVE-2025-3098
The Video Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
CVE-2025-3098
CVE-2025-3098 concerns the Video Url WordPress plugin. It is a Reflected Cross-Site Scripting flaw via the id parameter in all versions up to and including 1.0.0.3, caused by insufficient input sanitization and output escaping. The impact is that unauthenticated attackers could inject script into...
CVE-2025-3098 Video Url <= 1.0.0.3 - Reflected Cross-Site Scripting
The Video Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
WordPress Include URL plugin <= 0.3.5 Cross Site Scripting (XSS) Vulnerability
WordPress Include URL plugin <= 0.3.5 Cross Site Scripting (XSS) Vulnerability discovered by timomangcut in WordPress Plugin Include URL versions <= 0.3.5...