cleantalk
Vulnerabilities and Security Researches

Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin, CVE-2019-25147

CVE, Research URL

CVE-2019-25147

Home page URL

Security reports for Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin

Application

Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin

Published on
Jun 07, 2023
Research Description
The Pretty Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various IP headers as well as the referer header in versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping in the track_link function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.6.1.
Status
vulnerable
Previous vulnerability researches
Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin (CVE-2011-4595) , Jun 10, 2024
Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin (CVE-2025-48247) , May 21, 2025
Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin (CVE-2011-5192) , Jun 07, 2024
Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin (CVE-2015-9457) , Jun 07, 2024
Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin (CVE-2013-1636) , Jun 07, 2024
New vulnerability
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (CVE-2025-48341) , May 21, 2025
Back Button Widget (CVE-2025-48252) , May 21, 2025
Cloudflare Turnstile or reCAPTCHA For All Pages, to Block Spam and Hackers Attack, Block Visitors from China (CVE-2025-48243) , May 21, 2025
Free Shipping Amount Label & Progress Bar for WooCommerce (CVE-2025-48253) , May 21, 2025
WordPress Gallery Plugin – NextGEN Gallery (CVE-2024-5878) , May 21, 2025