URL Shortify <= 1.12.1 - Open Redirect

The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirectto' parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect users to potentiall...

WordPress URL Shortify – Simple and Easy URL Shortener plugin <= 1.10.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin URL Shortify versions = 1.10.4...

CVE-2026-25385

Server-Side Request Forgery SSRF vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery.This issue affects URL Shortify: from n/a through = 1.12.3...

CVE-2026-25385 WordPress URL Shortify plugin <= 1.12.3 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery.This issue affects URL Shortify: from n/a through = 1.12.3...

CVE-2026-25385

Summary (CVE-2026-25385): A Server-Side Request Forgery (SSRF) vulnerability exists in the WordPress plugin URL Shortify (KaizenCoders) for versions from the initial release up to and including 1.12.3. Public sources in the Connected documents corroborate the SSRF issue and indicate the vulnerabi...

CVE-2026-25385

Server-Side Request Forgery SSRF vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery.This issue affects URL Shortify: from n/a through = 1.12.3...

CVE-2026-25385 WordPress URL Shortify plugin <= 1.12.3 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery.This issue affects URL Shortify: from n/a through = 1.12.3...

PT-2026-20719

Server-Side Request Forgery SSRF vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery.This issue affects URL Shortify: from n/a through = 1.12.3...

WordPress URL Shortify plugin <= 1.11.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Nguyễn Đức Toàn in WordPress Plugin URL Shortify versions = 1.11.2...

CVE-2025-12684

The URL Shortify WordPress plugin before 1.11.3 does not sanitize and escape a parameter before outputting it back in the page, leading to a reflected cross site scripting, which could be used against high-privilege users such as admins...

CVE-2025-12684

The URL Shortify WordPress plugin before 1.11.3 does not sanitize and escape a parameter before outputting it back in the page, leading to a reflected cross site scripting, which could be used against high-privilege users such as admins...

CVE-2025-13355

CVE-2025-13355 concerns the WordPress URL Shortify plugin prior to 1.11.4. Multiple sources confirm a reflected cross‑site scripting (XSS) vulnerability where an unsanitized parameter is echoed back on the page, potentially affecting high‑privilege users (e.g., admins). The CVSS 3.1 base score is...

CVE-2025-13355 URL Shortify < 1.11.4 - Reflected XSS

The URL Shortify WordPress plugin before 1.11.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2025-12684 URL Shortify < 1.11.3 - Reflected XSS

The URL Shortify WordPress plugin before 1.11.3 does not sanitize and escape a parameter before outputting it back in the page, leading to a reflected cross site scripting, which could be used against high-privilege users such as admins...

CVE-2025-12684

CVE-2025-12684 : The WordPress Plugin URL Shortify is vulnerable in versions before 1.11.3 due to failure to sanitize and escape a parameter before reflecting it on the page, causing a reflected cross-site scripting (XSS). Exploitation could target high-privilege users (e.g., admins). Impact per ...

CVE-2025-12684 URL Shortify < 1.11.3 - Reflected XSS

The URL Shortify WordPress plugin before 1.11.3 does not sanitize and escape a parameter before outputting it back in the page, leading to a reflected cross site scripting, which could be used against high-privilege users such as admins...

EUVD-2025-9882

Malicious code in bioql PyPI...

CVE-2021-24749

The URL Shortify WordPress plugin before 1.5.1 does not have CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged in admin delete arbitrary link and group via a CSRF attack...

CVE-2025-32134

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in KaizenCoders URL Shortify url-shortify allows Stored XSS.This issue affects URL Shortify: from n/a through = 1.10.5.1...

CVE-2025-32134 WordPress URL Shortify Plugin <= 1.10.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in KaizenCoders URL Shortify allows Stored XSS. This issue affects URL Shortify: from n/a through 1.10.4...