Unknown Url Shortify vulnerabilities

5 known vulnerabilities affecting unknown/url_shortify.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 3

Vulnerabilities

CVE-2025-13355 | HIGH | CVSS 7.1 | fixed in 1.11.4 | 2025-12-15
CVE-2025-13355 [HIGH] CWE-79: The URL Shortify WordPress plugin before 1.11.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Sources: cvelistv5, nvd
CVE-2025-12684 | HIGH | CVSS 7.1 | fixed in 1.11.3 | 2025-12-15
CVE-2025-12684 [HIGH] CWE-79: The URL Shortify WordPress plugin before 1.11.3 does not sanitize and escape a parameter before outputting it back in the page, leading to a reflected cross site scripting, which could be used against high-privilege users such as admins.
Sources: cvelistv5, nvd
CVE-2023-5605 | MEDIUM | CVSS 4.8 | fixed in 1.7.9.1 | 2023-11-06
CVE-2023-5605 [MEDIUM] CWE-79: The URL Shortify WordPress plugin before 1.7.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Sources: cvelistv5, nvd
CVE-2023-4294 | MEDIUM | CVSS 6.1 | fixed in 1.7.6 | 2023-09-11
CVE-2023-4294 [MEDIUM] CWE-79: The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link.
Sources: cvelistv5, nvd
CVE-2023-3129 | MEDIUM | CVSS 4.8 | fixed in 1.7.0 | 2023-07-10
CVE-2023-3129 [MEDIUM] CWE-79: The URL Shortify WordPress plugin before 1.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Sources: cvelistv5, nvd