Kaizencoders Url Shortify vulnerabilities

6 known vulnerabilities affecting kaizencoders/url_shortify.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 5, UNKNOWN 1

Vulnerabilities

CVE-2026-25385 | MEDIUM | CVSS 5.5 | ≤ 1.12.3 | 2026-02-19
CVE-2026-25385 [MEDIUM] CWE-918: Server-Side Request Forgery (SSRF) vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery. This issue affects URL Shortify: from n/a through <= 1.12.3.
Sources: cvelistv5, nvd
CVE-2025-32134 | UNKNOWN | ≤ 1.10.5.1 | 2025-04-04
CVE-2025-32134 CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders URL Shortify url-shortify allows Stored XSS. This issue affects URL Shortify: from n/a through <= 1.10.5.1.
Sources: cvelistv5, nvd
CVE-2023-5605 | MEDIUM | CVSS 4.8 | ≤ 1.7.8 | 2023-11-06
CVE-2023-5605 [MEDIUM] CWE-79: The URL Shortify WordPress plugin before 1.7.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Sources: nvd
CVE-2023-4294 | MEDIUM | CVSS 6.1 | fixed in 1.7.6 | 2023-09-11
CVE-2023-4294 [MEDIUM] CWE-79: The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the Referer header, thus allowing an unauthenticated attacker to inject malicious JavaScript that will trigger in the plugin's admin panel with statistics of the created short link.
Sources: nvd
CVE-2023-3129 | MEDIUM | CVSS 4.8 | fixed in 1.7.0 | 2023-07-10
CVE-2023-3129 [MEDIUM] CWE-79: The URL Shortify WordPress plugin before 1.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Sources: nvd
CVE-2021-24749 | MEDIUM | CVSS 4.3 | fixed in 1.5.1 | 2021-11-29
CVE-2021-24749 [MEDIUM] CWE-352: The URL Shortify WordPress plugin before 1.5.1 does not have a CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged-in admin delete arbitrary links and groups via a CSRF attack.
Sources: nvd