Vulnerabilities and security researches forexact-links exact-links

Jan 11, 2026

CVE, Research URL: CVE-2025-10738
Home page URL: Security reports for URL Shortener Plugin For WordPress
Application: URL Shortener Plugin For WordPress
Date: Dec 13, 2025
Research Description: The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘analytic_id’ parameter in all versions up to, and including, 3.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 3.0.7.
Status: vulnerable

Nov 11, 2025

CVE, Research URL: CVE-2025-10740
Home page URL: Security reports for URL Shortener Plugin For WordPress
Application: URL Shortener Plugin For WordPress
Date: Oct 24, 2025
Research Description: The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to unauthorized access to functionality provided by the API due to a missing capability check on the verifyRequest function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify links.
Affected versions: max 3.0.7.
Status: vulnerable

Jul 19, 2025

CVE, Research URL: CVE-2025-28959
Home page URL: Security reports for URL Shortener Plugin For WordPress
Application: URL Shortener Plugin For WordPress
Date: Jul 16, 2025
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Md Yeasin Ul Haider URL Shortener allows SQL Injection. This issue affects URL Shortener: from n/a through 3.0.7.
Affected versions: max 3.0.7.
Status: vulnerable

CVE, Research URL: CVE-2025-28965
Home page URL: Security reports for URL Shortener Plugin For WordPress
Application: URL Shortener Plugin For WordPress
Date: Jul 16, 2025
Research Description: Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects URL Shortener: from n/a through 3.0.7.
Affected versions: max 3.0.7.
Status: vulnerable

CVE, Research URL: CVE-2025-28961
Home page URL: Security reports for URL Shortener Plugin For WordPress
Application: URL Shortener Plugin For WordPress
Date: Jul 16, 2025
Research Description: Deserialization of Untrusted Data vulnerability in Md Yeasin Ul Haider URL Shortener allows Object Injection. This issue affects URL Shortener: from n/a through 3.0.7.
Affected versions: max 3.0.7.
Status: vulnerable

Jul 05, 2025

CVE, Research URL: CVE-2025-28963
Home page URL: Security reports for URL Shortener Plugin For WordPress
Application: URL Shortener Plugin For WordPress
Date: Jul 04, 2025
Research Description: Server-Side Request Forgery (SSRF) vulnerability in Md Yeasin Ul Haider URL Shortener allows Server Side Request Forgery. This issue affects URL Shortener: from n/a through 3.0.7.
Affected versions: max 3.0.7.
Status: vulnerable