cleantalk
Vulnerabilities and Security Researches

Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management, CVE-2023-0098

CVE, Research URL

CVE-2023-0098

Home page URL

Security reports for Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management

Application

Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management

Published on
Feb 13, 2023
Research Description
The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL injection exploitable by low privilege users such as subscriber.
Affected versions
Min -, max 115.
Status
vulnerable
Previous vulnerability researches
Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management (CVE-2023-40678) , Jun 10, 2024
Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management (CVE-2023-40674) , Jun 06, 2024
Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management (CVE-2023-45606) , Jun 06, 2024
Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management (CVE-2023-0098) , Jun 06, 2024
Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management (CVE-2023-0099) , Jun 06, 2024
New vulnerability
Min Max Default Quantity for WooCommerce (CVE-2025-47504) , Jun 09, 2025
The Plus Addons for Elementor (CVE-2025-49076) , Jun 06, 2025
WP Pipes (CVE-2025-48267) , Jun 06, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-5292) , Jun 06, 2025
Newsletters (CVE-2025-4857) , Jun 06, 2025