5 matches found
CVE-2023-0099
CVE-2023-0099 impacts the Simple URLs WordPress plugin prior to 115, which does not sufficiently sanitise/escape certain parameters before echoing them, enabling Reflected Cross-Site Scripting. The vulnerability can affect high-privilege users (e.g., admins) by crafting malicious links; CVSS v3.1...
CVE-2023-0098
CVE-2023-0098 – Simple URLs WordPress plugin : A SQL injection exists in versions prior to 115 due to unescaped input in AJAX actions accessible to any authenticated user (e.g., subscribers). This can allow low-privilege users to influence SQL statements. The issue is mitigated by upgrading to ve...
CVE-2023-45606
CVE-2023-45606 is a CSRF vulnerability in the WordPress plugin Simple URLs (Link Cloaking, etc.) for versions up to 120. The issue enables Cross-Site Request Forgery without authentication, potentially allowing attackers to trigger unwanted actions on behalf of logged-in users. Public details fro...
CVE-2023-40674
CVE-2023-40674 affects the WordPress Simple URLs plugin (versions
CVE-2023-40667
CVE-2023-40667: Unauthenticated Reflected Cross-Site Scripting in WordPress Simple URLs plugin affecting versions