cleantalk
Vulnerabilities and Security Researches

Short URL, 49c452abea504abdd9ab5237225200824ba8be46

CVE, Research URL

49c452abea504abdd9ab5237225200824ba8be46

Home page URL

Security reports for Short URL

Application

Short URL

Published on
Jul 31, 2023
Research Description
Short URL [shorten-url] < 1.6.8 (closed) Short URL <= 1.6.7 - Missing Authorization via multiple AJAX functions The Short URL plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 1.6.7. This makes it possible for authenticated attackers such as subscribers to validate, reset, and delete links.
Affected versions
max 1.6.8.
Status
vulnerable
Previous vulnerability researches
Payment Gateway for PayFabric (8bbbf1c0e1c721fb1f89da1df32fc1e12d96430d) , Jun 07, 2024
Payment Gateway for PayFabric (CVE-2023-33999) , Jun 13, 2026
Payment Gateway for PayFabric (7561f277f93e22b75aabd0195a11a27ce8a0b791) , Jun 16, 2026
Payment Gateway for PayFabric (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
New vulnerability
Dynamic Widgets (bcd167c7824b22ce28b0a755c39fc633d83acfb4) , Jun 16, 2026
Dynamic Widgets (5dd9d324c9dd9e4f3db52cd08c75f2fb94e77fb5) , Jun 16, 2026
Dynamic Widgets (4d7faa92-9246-4685-ace9-ed62e555fbde) , Jun 16, 2026
Dynamic Widgets (fd8883125ab10ddf1bfb5cae4dbf4175fb52b317) , Jun 16, 2026
Change WordPress Login Logo (3e38c8a9639b68f093c62b2db41d27500a5cfe59) , Jun 16, 2026