Vulnerabilities and security researches forsimple-urls simple-urls

Jun 06, 2024

CVE, Research URL: CVE-2023-40674
Home page URL: Security reports for Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management
Application: Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management
Date: Nov 30, 2023
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lasso Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management allows Stored XSS.This issue affects Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management: from n/a through 118.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-45606
Home page URL: Security reports for Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management
Application: Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management
Date: Oct 16, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs plugin <= 120 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-0098
Home page URL: Security reports for Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management
Application: Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management
Date: Feb 13, 2023
Research Description: The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL injection exploitable by low privilege users such as subscriber.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-0099
Home page URL: Security reports for Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management
Application: Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management
Date: Feb 13, 2023
Research Description: The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-40667
Home page URL: Security reports for Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management
Application: Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management
Date: Sep 27, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lasso Simple URLs plugin <= 117 versions.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-40678
Home page URL: Security reports for Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management
Application: Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in Lasso Simple URLs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple URLs: from n/a through 117.
Affected versions: Min -, max -.
Status: vulnerable