CVE-2026-25385Server-Side Request Forgery in URL Shortify

CWE-918Server-Side Request Forgery4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 90.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Kaizencoders URL Shortify
Timeline
PublishedFeb 19

Description

Server-Side Request Forgery (SSRF) vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery.This issue affects URL Shortify: from n/a through <= 1.12.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

CVEListV5kaizencoders/url_shortify1.12.3

🔴Vulnerability Details

2
CVEList
WordPress URL Shortify plugin <= 1.12.3 - Server Side Request Forgery (SSRF) vulnerability2026-02-19
GHSA
GHSA-56mc-83vh-wp99: Server-Side Request Forgery (SSRF) vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery2026-02-19

🕵️Threat Intelligence

1
Wiz
CVE-2026-25385 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-25385 — Server-Side Request Forgery | cvebase