VYPR

Shorten URL

by WordPress

CVEs (12)

  • CVE-2023-2921 (High, Jun 6, 2025)
    risk 0.57, cvss 8.8, epss 0.00

    The Short URL WordPress plugin through 1.6.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with relatively low privilege on the site, like subscribers.

  • CVE-2025-13355 (High, Dec 15, 2025)
    risk 0.46, cvss 7.1, epss 0.00

    The URL Shortify WordPress plugin before 1.11.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

  • CVE-2025-12684 (High, Dec 15, 2025)
    risk 0.46, cvss 7.1, epss 0.00

    The URL Shortify WordPress plugin before 1.11.3 does not sanitize and escape a parameter before outputting it back in the page, leading to a reflected cross site scripting, which could be used against high-privilege users such as admins.

  • CVE-2023-4294 (Medium, Sep 11, 2023)
    risk 0.40, cvss 6.1, epss 0.01

    The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the Referer header, thus allowing an unauthenticated attacker to inject malicious JavaScript that will trigger in the plugin's admin panel with statistics of the created short link.

  • CVE-2025-32134 (Medium, Apr 4, 2025)
    risk 0.38, cvss 5.9, epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders URL Shortify url-shortify allows Stored XSS. This issue affects URL Shortify: from n/a through <= 1.10.5.1.

  • CVE-2023-47225 (Medium, Jan 2, 2025)
    risk 0.35, cvss 5.4, epss 0.00

    Missing Authorization vulnerability in KaizenCoders Short URL shorten-url allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Short URL: from n/a through <= 1.6.8.

  • CVE-2026-1277 (Medium, Feb 18, 2026)
    risk 0.31, cvss 4.7, epss 0.01

    The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirect_to' parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect…

  • CVE-2023-1604 (Medium, Aug 17, 2024)
    risk 0.31, cvss 4.7, epss 0.00

    The Short URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on the configuration_page function. This makes it possible for unauthenticated attackers to add and import…

  • CVE-2023-5605 (Medium, Nov 6, 2023)
    risk 0.31, cvss 4.8, epss 0.00

    The URL Shortify WordPress plugin before 1.7.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2023-3130 (Medium, Jul 31, 2023)
    risk 0.31, cvss 4.8, epss 0.00

    The Short URL WordPress plugin before 1.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…

  • CVE-2023-3129 (Medium, Jul 10, 2023)
    risk 0.31, cvss 4.8, epss 0.00

    The URL Shortify WordPress plugin before 1.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…

  • CVE-2021-24749 (Medium, Nov 29, 2021)
    risk 0.28, cvss 4.3, epss 0.00

    The URL Shortify WordPress plugin before 1.5.1 does not have a CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged-in admin delete arbitrary links and groups via a CSRF attack.