cleantalk
Vulnerabilities and Security Researches

Short URL, CVE-2023-1602

CVE, Research URL

CVE-2023-1602

Home page URL

Security reports for Short URL

Application

Short URL

Published on
Jun 29, 2023
Research Description
The Short URL plugin for WordPress is vulnerable to stored Cross-Site Scripting via the 'comment' parameter due to insufficient input sanitization and output escaping in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.6.5.
Status
vulnerable
Previous vulnerability researches
Short URL (CVE-2023-47225) , Jun 10, 2024
Short URL (CVE-2024-32138) , Jun 07, 2024
Short URL (5093f6a13a8e7d49a1615e12fbd11f9a28b3f5cb) , Jun 07, 2024
Short URL (CVE-2022-46860) , Jun 07, 2024
Short URL (CVE-2023-45058) , Jun 07, 2024
New vulnerability
Multi Page Auto Advance for Gravity Forms (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
Multi Page Auto Advance for Gravity Forms (d14c12884874d0e30bd3a312d43044fa4fe75582) , Jun 16, 2026
Store Locator for WordPress with Google Maps – LotsOfLocales (f426f4bed17a59fb2e9150a529c7b250c2730586) , Jun 16, 2026
Store Locator for WordPress with Google Maps – LotsOfLocales (4fa71b8c7d29c3050b951adfff5bf47b58228f4e) , Jun 16, 2026
Store Locator for WordPress with Google Maps – LotsOfLocales (2bee561a-8cf7-430b-9c72-2049d9776e34) , Jun 16, 2026