Short Url Security Vulnerabilities and Issues — Short Url CVE List

Lucene search

KaizencodersShort Url

4 matches found

cve•added 2023/07/31 10:15 a.m.•46 views

CVE-2023-3130

The Short URL WordPress plugin before 1.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8CVSS4.9AI score0.00107EPSS

cve•added 2023/10/12 1:15 p.m.•39 views

CVE-2023-45058

Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Short URL plugin

8.8CVSS6.5AI score0.0007EPSS

cve•added 2023/11/06 8:15 a.m.•30 views

CVE-2022-46860

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaizenCoders Short URL allows SQL Injection.This issue affects Short URL: from n/a through 1.6.4.

9.8CVSS9.9AI score0.0021EPSS

cve•added 2023/06/29 2:15 a.m.•24 views

CVE-2023-1602

The Short URL plugin for WordPress is vulnerable to stored Cross-Site Scripting via the 'comment' parameter due to insufficient input sanitization and output escaping in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.8CVSS5AI score0.00242EPSS