cleantalk
Vulnerabilities and Security Researches

Short Link, CVE-2026-0813

CVE, Research URL

CVE-2026-0813

Home page URL

Security reports for Short Link

Application

Short Link

Published on
Jan 14, 2026
Research Description
The Short Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'short_link_post_title' and 'short_link_page_title' parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected page.
Affected versions
max 1.0.
Status
vulnerable
Previous vulnerability researches
Add Any Extension to Pages (214b59c3-5411-4137-b1a7-3bba417e495b) , Jun 07, 2024
Add Any Extension to Pages (CVE-2023-50873) , Jun 07, 2024
New vulnerability
Electric Studio Download Counter (CVE-2026-0741) , Apr 17, 2026
Custom New User Notification (CVE-2026-3551) , Apr 17, 2026
3D viewer – Embed 3D Models on WordPress (CVE-2026-40729) , Apr 17, 2026
Customer Reviews for WooCommerce (CVE-2026-3355) , Apr 17, 2026
DirectoryPress – Business Directory And Classified Ad Listing (CVE-2026-3489) , Apr 17, 2026