cleantalk
Vulnerabilities and Security Researches

Short URL, 49c452abea504abdd9ab5237225200824ba8be46

CVE, Research URL

49c452abea504abdd9ab5237225200824ba8be46

Home page URL

Security reports for Short URL

Application

Short URL

Published on
Jul 31, 2023
Research Description
Short URL [shorten-url] < 1.6.8 (closed) Short URL <= 1.6.7 - Missing Authorization via multiple AJAX functions The Short URL plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 1.6.7. This makes it possible for authenticated attackers such as subscribers to validate, reset, and delete links.
Affected versions
max 1.6.8.
Status
vulnerable
Previous vulnerability researches
My auctions allegro (CVE-2025-27009) , Apr 16, 2025
My auctions allegro (CVE-2024-11707) , Dec 06, 2024
My auctions allegro (CVE-2025-68567) , Jan 10, 2026
My auctions allegro (CVE-2025-68566) , Jan 10, 2026
My auctions allegro (CVE-2025-12851) , Dec 10, 2025
New vulnerability
Support Ticket (e84585851242702267d5dea9c66917a9ed7789e5) , Jun 16, 2026
Support Ticket (887d08d5f6f5bdbcd7cb32b84595218871242343) , Jun 16, 2026
Seamless Donations: A Platform for Global Fundraising and Rebuilding using Stripe and PayPal (28a90cb9e1aab33eaf118ec9377b0583d4db37cb) , Jun 16, 2026
Real Testimonials (b608d2d1-b757-427b-a079-32792c2a8d42) , Jun 16, 2026
Real Testimonials (8f1e70a958ba31272d3a21553ce89d5910ae5628) , Jun 16, 2026