cleantalk
Vulnerabilities and Security Researches

URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress, CVE-2025-12684

CVE, Research URL

CVE-2025-12684

Home page URL

Security reports for URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress

Application

URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress

Published on
Dec 15, 2025
Research Description
The URL Shortify WordPress plugin before 1.11.3 does not sanitize and escape a parameter before outputting it back in the page, leading to a reflected cross site scripting, which could be used against high-privilege users such as admins.
Affected versions
max 1.11.3.
Status
vulnerable
Previous vulnerability researches
Supertext Translation and Proofreading (CVE-2025-47639) , May 09, 2025
Theme and plugin translation for Polylang (TTfP) (CVE-2022-4169) , Jun 07, 2024
Polylang (CVE-2014-4855) , Jun 06, 2024
Polylang (CVE-2025-64353) , Dec 10, 2025
Polylang , Jan 16, 2025
New vulnerability
WordPress Plugin for Google Maps – WP MAPS (CVE-2025-67535) , Jan 09, 2026
Widgets for Google Reviews (CVE-2025-12510) , Jan 09, 2026
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress (CVE-2025-63054) , Jan 09, 2026
Filter & Grids (CVE-2025-10289) , Jan 09, 2026
Admin and Site Enhancements (ASE) (CVE-2025-64255) , Jan 09, 2026