Vulnerabilities and security researches forwp-bitly wp-bitly
Direction: ascendingJun 10, 2024
Bitly's WordPress Plugin # CVE-2023-5577
- CVE, Research URL
- Home page URL
- Application
- Date
- Nov 07, 2023
- Research Description
- The Bitly's plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpbitly' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 2.7.2.
- Status
-
vulnerable
Aug 13, 2024
Bitly's WordPress Plugin # CVE-2024-43209
- CVE, Research URL
- Home page URL
- Application
- Date
- Nov 01, 2024
- Research Description
- Missing Authorization vulnerability in Bitly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bitly: from n/a through 2.7.2.
- Affected versions
-
max 2.7.3.
- Status
-
vulnerable
Jan 10, 2025
Bitly's WordPress Plugin # CVE-2024-12616
- CVE, Research URL
- Home page URL
- Application
- Date
- Jan 09, 2025
- Research Description
- The Bitly's WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 2.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and retrieve plugin settings.
- Affected versions
-
max 2.7.4.
- Status
-
vulnerable
Apr 26, 2026
Bitly's WordPress Plugin # CVE-2025-58231
- CVE, Research URL
- Home page URL
- Application
- Date
- Sep 23, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bitlydeveloper Bitly wp-bitly allows Stored XSS.This issue affects Bitly: from n/a through <= 2.8.0.
- Affected versions
-
max 2.7.4.
- Status
-
vulnerable