VYPR

Pretty Link

by WordPress

Source repositories

CVEs (9)

  • CVE-2019-25147HigJun 7, 2023
    risk 0.47cvss 7.2epss 0.01

    The Pretty Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various IP headers as well as the referer header in versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping in the track_link function. This makes it…

  • CVE-2015-9457HigOct 10, 2019
    risk 0.47cvss 7.2epss 0.02

    The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.

  • CVE-2024-29770HigMar 27, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pretty Links Shortlinks by Pretty Links allows Reflected XSS.This issue affects Shortlinks by Pretty Links: from n/a through 3.6.2.

  • CVE-2011-4595MedJan 10, 2020
    risk 0.43cvss 6.1epss 0.02

    Pretty-Link WordPress plugin 1.5.2 has XSS

  • CVE-2025-48247MedMay 19, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Blair Williams Shortlinks by Pretty Links pretty-link allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortlinks by Pretty Links: from n/a through <= 3.6.15.

  • CVE-2024-2326MedMar 23, 2024
    risk 0.28cvss 4.3epss 0.00

    The Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation when saving plugin settings.…

  • CVE-2022-47149MedMay 25, 2023
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin <= 3.4.0 versions.

  • CVE-2013-1636Mar 12, 2014
    risk 0.00cvss epss 0.06

    Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3,…

  • CVE-2011-5191Sep 23, 2012
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5192.